Page 109 of 871 results (0.011 seconds)

CVSS: 6.1EPSS: 1%CPEs: 12EXPL: 1

CVE-2020-7106

https://notcve.org/view.php?id=CVE-2020-7106

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). Cacti versión 1.2.8, tiene un vulnerabilidad de tipo XSS almacenado en los archivos data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, y user_group_admin.php, como es demostrado por el parámetro description en el archivo data_sources.php (una cadena sin procesar desde la base de datos que se despliega con $header para activar un ataque de tipo XSS). • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00032.html https://github.com/Cacti/cacti/issues/3191 https://lists.debian.org/debian-lts-announce/2020/01/msg00014.html https://lists • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2020-7105

https://notcve.org/view.php?id=CVE-2020-7105

async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. los archivos async.c y dict.c en la biblioteca libhiredis.a en hiredis versiones hasta la versión 0.14.0, permiten una desreferencia de puntero NULL porque los valores de retorno de malloc están sin verificar • https://github.com/redis/hiredis/issues/747 https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76ZDGWBV3YEEQ2YC65ZJEQLKQFVFBZHX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKOTCIYFEWJJILUGL4JQ3CJAM3TWYZ2A • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2020-7044

https://notcve.org/view.php?id=CVE-2020-7044

In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors. En Wireshark versiones 3.2.x anteriores a la versión 3.2.1, el disector WASSP podría bloquearse. Esto fue abordado en el archivo epan/dissectors/packet-wassp.c mediante el uso de )= y (= para resolver errores por un paso. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16324 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f90a3720b73ca140403315126e2a478c4f70ca03 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZBICEY2HGSNQ3RPBLMDDYVAHGOGS4E2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDVMBCADP73TBISYCS6ARKOSNNJOGXXZ https://lists.fedoraproject.org/archives/list/pack • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1

CVE-2019-19547

https://notcve.org/view.php?id=CVE-2019-19547

Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. Symantec Endpoint Detection and Response (SEDR), versiones anteriores a la versión 4.3.0, puede ser susceptible a un problema de tipo cross site scripting (XSS). Un XSS es un tipo de problema que puede habilitar a atacantes para inyectar scripts del lado del cliente en páginas web visualizadas por otros usuarios. • https://github.com/nasbench/CVE-2019-19547 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN https://support.symantec.com/us/en/article.SYMSA1502.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 1

CVE-2020-6851 – openjpeg: Heap-based buffer overflow in opj_t1_clbl_decode_processor()

https://notcve.org/view.php?id=CVE-2020-6851

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. OpenJPEG hasta la versión 2.3.1 tiene un desbordamiento de búfer basado en almacenamiento dinámico en opj_t1_clbl_decode_processor en openjp2 / t1.c debido a la falta de validación de opj_j2k_update_image_dimensions. A heap-based buffer overflow flaw was found in openjpeg in the opj_t1_clbl_decode_processor in libopenjp2.so. Affecting versions through 2.3.1, the highest threat from this vulnerability is to file confidentiality and integrity as well as system availability. • https://access.redhat.com/errata/RHSA-2020:0262 https://access.redhat.com/errata/RHSA-2020:0274 https://access.redhat.com/errata/RHSA-2020:0296 https://github.com/uclouvain/openjpeg/issues/1228 https://lists.debian.org/debian-lts-announce/2020/01/msg00025.html https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V https://lists.fedoraproject.org/archives/list/pa • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •