Page 100 of 4202 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception. Se descubrió un problema en Ceph versiones hasta la versió 13.2.9. Una petición POST con un XML de etiquetado no valido puede bloquear el proceso RGW al desencadenar una excepción del puntero NULL. A flaw was found in the Ceph Object Gateway S3 API, where it did not properly validate the POST requests. • https://bugzilla.suse.com/show_bug.cgi?id=1170170 https://docs.ceph.com/docs/master/releases/mimic https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://tracker.ceph.com/issues/44967 https://usn.ubuntu.com/4528-1 https://access.redhat.com/security/cve/CVE-2020-12059 https://bugzilla.redhat.com/show_bug.cgi?id=1827262 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html http://seclists.org/fulldisclosure/2020/May/41 https://github.com/git/git/commit/c44088ecc4b0722636e0a305f9608d3047197282 https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNW • CWE-20: Improper Input Validation CWE-522: Insufficiently Protected Credentials •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. re2c versión 1.3, tiene un desbordamiento del búfer en la región heap de la memoria en la función Scanner::fill en el archivo parse/scanner.cc por medio de un lexema largo. • http://www.openwall.com/lists/oss-security/2020/04/21/1 https://blogs.gentoo.org/ago/2020/04/19/re2c-heap-overflow-in-scannerfill-scanner-cc https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a https://security.gentoo.org/glsa/202007-28 https://usn.ubuntu.com/4338-1 https://usn.ubuntu.com/4338-2 https://www.openwall.com/lists/oss-security/2020/04/19/1 • CWE-787: Out-of-bounds Write •

CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. Se encontró una vulnerabilidad de escritura fuera de límites en glibc versiones anteriores a 2.31, cuando se manejaban trampolines de señal en PowerPC. Concretamente, la función backtrace no comprueba apropiadamente los límites de la matriz cuando almacena la dirección de la trama, resultando en una denegación de servicio o a una posible ejecución de código. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751 https://security.gentoo.org/glsa/202006-04 https://security.netapp.com/advisory/ntap-20200430-0002 https://sourceware.org/bugzilla/show_bug.cgi?id=25423 https://usn.ubuntu.com/4416-1 https://access.redhat.com/security/cve/CVE-2020-1751 https://bugzilla.redhat.com/show_bug.cgi?id=1810719 • CWE-787: Out-of-bounds Write •

CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0

In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147. • http://android.googlesource.com/kernel/common/+/688078e7 http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html https://source.android.com/security/bulletin/pixel/2020-04-01 https://usn.ubuntu.com/4387-1 https://usn.ubuntu.com/4388-1 https://usn.ubuntu.com/4389-1 https://usn.ubuntu.com/4390-1 https://usn.ubuntu.com/4527-1 • CWE-125: Out-of-bounds Read •