Page 105 of 4199 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2020-1950 – tika: excessive memory usage in PSDParser

https://notcve.org/view.php?id=CVE-2020-1950

A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. Un archivo PSD cuidadosamente diseñado o corrupto puede causar un uso de memoria excesivo en el PSDParser de Apache Tika en versiones 1.0-1.23. A flaw was found in Apache Tika’s PSDParser, where a carefully crafted or corrupt PSD file can cause excessive memory usage. The highest threat from this vulnerability is to system availability. • https://lists.apache.org/thread.html/r463b1a67817ae55fe022536edd6db34e8f9636971188430cbcf8a8dd%40%3Cdev.tika.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/03/msg00035.html https://usn.ubuntu.com/4564-1 https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2020-1950 https://bugzilla.redhat.com/show_bug.cgi?id=1822759 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

CVE-2019-18860 – squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour

https://notcve.org/view.php?id=CVE-2019-18860

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. Squid versiones anteriores a 4.9, cuando determinados navegadores web son usados, maneja inapropiadamente HTML en el parámetro host (también se conoce como hostname) en el archivo cachemgr.cgi. A flaw was found in squid. Squid, when certain web browsers are used, mishandles HTML in the host parameter to cachemgr.cgi which could result in squid behaving in unsecure way. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html https://github.com/squid-cache/squid/pull/504 https://github.com/squid-cache/squid/pull/505 https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://usn.ubuntu.com/4356-1 https://www.debian.org/security/2020/dsa-4732 https://access.redhat.com/security/cve/CVE-2019-18860 https://bugzilla.redhat.com/show_bug.cgi?id=1817121 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2019-14855

https://notcve.org/view.php?id=CVE-2019-14855

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. Se detectó un fallo en la manera en que podrían ser falsificadas las firmas de certificados usando colisiones encontradas en el algoritmo SHA-1. Un atacante podría usar esta debilidad para crear firmas de certificados falsificadas. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855 https://dev.gnupg.org/T4755 https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html https://rwc.iacr.org/2020/slides/Leurent.pdf https://usn.ubuntu.com/4516-1 • CWE-326: Inadequate Encryption Strength •

CVSS: 5.5EPSS: 0%CPEs: 63EXPL: 0

CVE-2020-8832 – Ubuntu 18.04 Linux kernel i915 incomplete fix for CVE-2019-14615

https://notcve.org/view.php?id=CVE-2020-8832

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. Se detectó que la solución para el kernel de Linux en Ubuntu versión 18.04 LTS para CVE-2019-14615 ("El kernel de Linux no borró apropiadamente las estructuras de datos en los conmutadores de contexto para determinados procesadores gráficos de Intel") estaba incompleta, lo que significa que en las versiones de kernel anteriores a 4.15.0-91.92, un atacante podría usar esta vulnerabilidad para exponer información confidencial. • https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 https://security.netapp.com/advisory/ntap-20200430-0004 https://usn.ubuntu.com/usn/usn-4302-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0

CVE-2020-0556 – bluez: Improper access control in subsystem could result in privilege escalation and DoS

https://notcve.org/view.php?id=CVE-2020-0556

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access El control de acceso incorrecto en el subsistema para BlueZ anterior a la versión 5.54 puede permitir que un usuario no autenticado permita potencialmente la escalada de privilegios y la denegación de servicio a través del acceso adyacente • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html https://security.gentoo.org/glsa/202003-49 https://usn.ubuntu.com/4311-1 https://www.debian.org/security/2020/dsa-4647 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html https://access.redhat.com/security/cve/CVE-2020-0556 https • CWE-266: Incorrect Privilege Assignment •