Page 104 of 880 results (0.016 seconds)

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity. La implementación del protocolo OSPF en VMware NSX-V Edge en versiones 6.2.x anteriores a la 6.2.8 y NSX-V Edge en versiones 6.3.x anteriores a la 6.3.3 no gestiona correctamente el LSA (link-state advertisement). Un LSA no autorizado podría explotar este problema, resultando en el envío continuo de LSA entre dos routers, lo que acabaría por provocar un bucle o la pérdida de la conectividad. • http://www.securityfocus.com/bid/100277 https://www.vmware.com/security/advisories/VMSA-2017-0014.html • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0

In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks. En Pivotal Single Sign-On para PCF (versiones 1.3.x anteriores a la 1.3.4 y versiones 1.4.x anteriores a la 1.4.3), ciertas páginas permiten que se inyecte código en el entorno DOM mediante parámetros de consulta, que conducen a ataques XSS. • http://www.securityfocus.com/bid/100618 https://pivotal.io/security/cve-2017-8044 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing. • http://www.securityfocus.com/bid/99080 https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E https://pivotal.io/security/cve-2017-4995 • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8EPSS: 0%CPEs: 189EXPL: 13

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. En la función add_match en libbb/lineedit.c en BusyBox hasta la versión 1.27.2, la característica de autocompletar pestañas del shell, empleada para obtener una lista de nombres de archivo en un directorio, no inmuniza los nombres de archivo. Esto conduce a la ejecución de cualquier secuencia de escape en el terminal. Esto podría resultar en la ejecución de código, escrituras arbitrarias de archivos u otros ataques. • http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://seclists.org/fulldisclosure/2020/Aug/20 http://seclists.org/fulldisclosure/2020/Mar/15 http://seclists.org/fulldisclosure • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0

VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code. El instalador de VMware Workstation (en versiones 12.x anteriores a la 12.5.8) contiene un error de secuestro de DLL que existe debido a que la aplicación carga algunos archivos DLL de manera incorrecta. Este error puede permitir que un atacante cargue un archivo DLL elegido por él que podría ejecutar código arbitrario. • http://www.securityfocus.com/bid/101890 https://www.vmware.com/security/advisories/VMSA-2017-0018.html • CWE-426: Untrusted Search Path •