Page 101 of 4199 results (0.009 seconds)

CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 1

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta un error por un paso en el uso de la función de lectura del archivo ImfXdr.h por DwaCompressor::Classifier::Classifier, conllevando a una lectura fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 https://github.com/AcademySoftwareFoundation/openexr/blob/master/CHANGES.md#version-241-february-11-2020 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.4.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00056.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4KFGDQG5PVYAU7TS5MZ7XCS6EMPVII3 https:// • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •

CVSS: 3.9EPSS: 0%CPEs: 6EXPL: 0

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. El archivo fr-archive-libarchive.c en GNOME file-roller versiones hasta 3.36.1, permite un Salto del Directorio durante la extracción porque carece de una comprobación de si el padre de un archivo es un enlace simbólico en un directorio fuera de la ubicación de extracción prevista. • https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0 https://lists.debian.org/debian-lts-announce/2020/04/msg00013.html https://security.gentoo.org/glsa/202009-06 https://usn.ubuntu.com/4332-1 https://usn.ubuntu.com/4332-2 https://access.redhat.com/security/cve/CVE-2020-11736 https://bugzilla.redhat.com/show_bug.cgi?id=1824985 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. Se detectó un fallo en libssh versiones anteriores a 0.8.9 y versiones anteriores a 0.9.4, en la manera en que se manejaron los cifrados AES-CTR (o DES si está habilitado). El servidor o el cliente podrían bloquearse cuando la conexión no ha sido inicializada completamente y el sistema intenta limpiar los cifrados cuando se cierra la conexión. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1730 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2A7BIFKUYIYKTY7FX4BEWVC2OHS5DPOU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLSWHBQ3EPKGTGLQNH554Z746BJ3C554 https://security.netapp.com/advisory/ntap-20200424-0001 https://usn.ubuntu.com/4327-1 https://www.libssh.org/security/advisories/CVE-2020-1730.txt https://www.oracle.com/security-alerts/cpuoct2020.html https:/ • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 1%CPEs: 27EXPL: 1

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. SQLite versiones hasta 3.31.1, permite a atacantes causar una denegación de servicio (fallo de segmentación) por medio de una consulta de una función de window malformada porque la inicialización el objeto AggInfo es manejada inapropiadamente. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200416-0001 https://usn.ubuntu.com/4394-1 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security- • CWE-665: Improper Initialization •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures") 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it's believed the first is the only strictly necessary commit: 6f597c6b63b6 ("KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()") 7b0e827c6970 ("KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm") 009c872a8bc4 ("KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file") KVM en el kernel de Linux en los procesadores Power8, presenta un uso conflictivo de HSTATE_HOST_R1 para almacenar el estado r1 en plus kvmppc_hv_entry en kvmppc_ {save, restore} _tm, conllevando a una corrupción de la pila. Debido a esto, un atacante con la capacidad de ejecutar código en el espacio del kernel de una Máquina Virtual invitada puede causar que el kernel del host entre en pánico. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717 https://usn.ubuntu.com/4318-1 https://usn.ubuntu.com/usn/usn-4318-1 https://www.openwall.com/lists/oss-security/2020/04/06/2 https://access.redhat.com/security/cve/CVE-2020-8834 https://bugzilla.redhat.com/show_bug.cgi?id=1819615 • CWE-121: Stack-based Buffer Overflow CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-368: Context Switching Race Condition •