Page 115 of 1963 results (0.015 seconds)

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable. Se ha detectado una vulnerabilidad de denegación de servicio (DoS) en rsyslog en el módulo imptcp. Un atacante podría enviar un mensaje especialmente manipulado al socket imptcp, lo que conduciría al cierre forzado de rsyslog. • https://access.redhat.com/errata/RHBA-2019:2501 https://access.redhat.com/errata/RHSA-2019:2110 https://access.redhat.com/errata/RHSA-2019:2437 https://access.redhat.com/errata/RHSA-2019:2439 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881 https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html https://access.redhat.com/security/cve/CVE-2018-16881 https://bugzilla.redhat.com/show_bug.cgi?id=1658366 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8EPSS: 2%CPEs: 18EXPL: 4

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. En Artifex Ghostscript hasta la versión 9.26, los procedimientos ephemeral o transient pueden permitir el acceso a los operadores del sistema, lo que conduce a la ejecución remota de código. It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER constraints. Ghostscript has an issue with pseudo-operators that can lead to remote code execution. • https://www.exploit-db.com/exploits/46242 http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html http://www.openwall.com/lists/oss-security/2019/01/23/5 http://www.openwall.com/lists/oss-security/2019/03/21/1 http: •

CVSS: 5.3EPSS: 0%CPEs: 35EXPL: 0

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. En Apache HTTP Server, en sus versiones 2.4.37 y anteriores, mediante el envío de cuerpos de respuesta mediante la técnica del "slow loris" a recursos planos, la transmisión h2 para esa petición ocupó de forma innecesaria un hilo de servidor que limpiaba tales datos entrantes. Esto afecta solo a las conexiones HTTP/2 (mod_http2). • http://www.securityfocus.com/bid/106685 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3935 https://access.redhat.com/errata/RHSA-2019:4126 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache • CWE-400: Uncontrolled Resource Consumption •

CVSS: 3.1EPSS: 0%CPEs: 34EXPL: 0

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106596 https://access.redhat.com/errata/RHSA-2019:0416 https://access.redhat.com/errata/RHSA-2019:0435 https://access.redhat.com/errata/RHSA-2019:0436 https://a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 33EXPL: 0

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106619 https://access.redhat.com/errata/RHSA-2019:2327 https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://lists.debian.org/debian-lts-announce/2019/02/msg00000.html https://security.gentoo.org/glsa/201908-24 https://security.netapp.com/advisory/ntap-20190118-0002 https://usn.ubuntu.com/3867-1 https://access.redhat.co •