Page 116 of 4202 results (0.032 seconds)

CVSS: 5.5EPSS: 0%CPEs: 63EXPL: 0

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. Se detectó que la solución para el kernel de Linux en Ubuntu versión 18.04 LTS para CVE-2019-14615 ("El kernel de Linux no borró apropiadamente las estructuras de datos en los conmutadores de contexto para determinados procesadores gráficos de Intel") estaba incompleta, lo que significa que en las versiones de kernel anteriores a 4.15.0-91.92, un atacante podría usar esta vulnerabilidad para exponer información confidencial. • https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 https://security.netapp.com/advisory/ntap-20200430-0004 https://usn.ubuntu.com/usn/usn-4302-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access El control de acceso incorrecto en el subsistema para BlueZ anterior a la versión 5.54 puede permitir que un usuario no autenticado permita potencialmente la escalada de privilegios y la denegación de servicio a través del acceso adyacente • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html https://security.gentoo.org/glsa/202003-49 https://usn.ubuntu.com/4311-1 https://www.debian.org/security/2020/dsa-4647 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html https://access.redhat.com/security/cve/CVE-2020-0556 https • CWE-266: Incorrect Privilege Assignment •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Los desarrolladores de Mozilla reportaron bugs de seguridad de la memoria presentes en Firefox y Thunderbird versión 68.5. Algunos de estos bugs mostraron evidencia de corrupción de la memoria y presumimos que con un esfuerzo suficiente algunos de estos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1592078%2C1604847%2C1608256%2C1612636%2C1614339 https://usn.ubuntu.com/4328-1 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2020-08 https://www.mozilla.org/security/advisories/mfsa2020-09 https://www.mozilla.org/security/advisories/mfsa2020-10 https://access.redhat.com/security/cve/CVE-2020-6814 https://bugzilla.redhat.com/show_bug.cgi?id=1812205 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 52%CPEs: 6EXPL: 0

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Al diseñar cuidadosamente las resoluciones de promesas, fue posible causar una lectura fuera de límites al final de una matriz redimensionada durante la ejecución del script. Esto podría haber conllevado a daños en la memoria y a un bloqueo potencialmente explotable. • http://packetstormsecurity.com/files/157524/Firefox-js-ReadableStreamCloseInternal-Out-Of-Bounds-Access.html https://bugzilla.mozilla.org/show_bug.cgi?id=1612308 https://usn.ubuntu.com/4328-1 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2020-08 https://www.mozilla.org/security/advisories/mfsa2020-09 https://www.mozilla.org/security/advisories/mfsa2020-10 https://access.redhat.com/security/cve/CVE-2020-6806 https://bugzilla.redhat.com/show_bug.cgi?id=1812 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Cuando un dispositivo fue cambiado mientras una secuencia estaba a punto de ser destruida, la tarea <code>stream-reinit</code> pudo haberse ejecutado después de que la secuencia fue destruida, causando un uso de la memoria previamente liberada y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.6, Firefox versiones anteriores a 74, Firefox versiones anteriores a ESR68.6 y Firefox ESR versiones anteriores a 68.6. The Mozilla Foundation Security Advisory describes this flaw as: When a device was changed while a stream was about to be destroyed, the `stream-reinit` task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1614971 https://usn.ubuntu.com/4328-1 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2020-08 https://www.mozilla.org/security/advisories/mfsa2020-09 https://www.mozilla.org/security/advisories/mfsa2020-10 https://access.redhat.com/security/cve/CVE-2020-6807 https://bugzilla.redhat.com/show_bug.cgi?id=1812201 • CWE-416: Use After Free •