Page 125 of 2356 results (0.013 seconds)

CVSS: 8.1EPSS: 9%CPEs: 6EXPL: 0

Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0. Python Cryptographic Authority pyopenssl en versiones anteriores a la 17.5.0 contiene una vulnerabilidad CWE-416: Uso de memoria previamente liberada en el manejo de objetos X509 que puede resultar en un uso de memoria previamente liberada y una denegación de servicio (DoS) o la ejecución remota de código. El ataque parece ser explotable dependiendo de la aplicación llamante y de si retiene una referencia a la memoria. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html https://access.redhat.com/errata/RHSA-2019:0085 https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509 https://github.com/pyca/pyopenssl/pull/723 https://usn.ubuntu.com/3813-1 https://access.redhat.com/security/cve/CVE-2018-1000807 https://bugzilla.redhat.com/show_bug.cgi?id=1640217 • CWE-416: Use After Free •

CVSS: 9.8EPSS: 27%CPEs: 24EXPL: 7

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. Git en versiones anteriores a la 2.14.5, versiones 2.15.x anteriores a la 2.15.3, versiones 2.16.x anteriores a la 2.16.5, versiones 2.17.x anteriores a la 2.17.2, versiones 2.18.x anteriores a la 2.18.1 y versiones 2.19.x anteriores a la 2.19.1 permite la ejecución remota de código durante el procesamiento de un "clon de git" recursivo de un superproyecto si un archivo .gitmodules tiene un campo URL que comienza por un carácter "-". An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine. • https://www.exploit-db.com/exploits/45631 https://www.exploit-db.com/exploits/45548 https://github.com/AnonymKing/CVE-2018-17456 https://github.com/matlink/CVE-2018-17456 https://github.com/shpik-kr/CVE-2018-17456 https://github.com/799600966/CVE-2018-17456 https://github.com/KKkai0315/CVE-2018-17456 http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html http:/ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 5.3EPSS: 78%CPEs: 53EXPL: 2

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. Cuando el servlet por defecto en Apache Tomcat en versiones de la 9.0.0.M1 a la 9.0.11, de la 8.5.0 a la 8.5.33 y de la 7.0.23 a la 7.0.90 devolvía una redirección a un directorio (por ejemplo, redirigiendo a "/foo/'' cuando el usuario solicitó '"/foo") se pudo usar una URL especialmente manipulada para hacer que la redirección se generara a cualquier URI de la elección del atacante. These are details on an open redirection vulnerability in Apache Tomcat version 9.0.0M1 that was discovered in 2018. • https://www.exploit-db.com/exploits/50118 https://github.com/Cappricio-Securities/CVE-2018-11784 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html http://www.securityfocus.com/bid/105524 https://access.redhat.com/errata/RHSA-2019:0130 https://access.redhat.com/errata/RHSA-2019:0131 https://access.redhat.c • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. Se descubrió un problema en la función proc_pid_stack en fs/proc/base.c en el kernel de Linux hasta la versión 4.18.11. No asegura que solo root pueda inspeccionar la pila del kernel de una tarea arbitraria, lo que permite que un atacante local explote de forma arbitraria el proceso de marcha atrás en la pila a la hora de producirse una excepción (stack unwinding) y filtre el contenido de la pila de tareas del kernel. An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://www.securityfocus.com/bid/105525 https://access.redhat.com/errata/RHSA-2019:0512 https://access.redhat.com/errata/RHSA-2019:0514 https://access.redhat.com/errata/RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:2473 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-ann • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 9.1EPSS: 37%CPEs: 16EXPL: 1

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. Vulnerabilidad por la cual el compilador JIT de JavaScript inserta Array.prototype.push con múltiples argumentos que resultan en que el puntero de la pila está fuera de su sitio por 8 bytes tras un bailout. Esto filtra una dirección de memoria a la función llamante que puede emplearse como parte de un exploit dentro del proceso de contenido en sandbox. • http://www.securityfocus.com/bid/105460 http://www.securitytracker.com/id/1041770 https://access.redhat.com/errata/RHSA-2018:2881 https://access.redhat.com/errata/RHSA-2018:2884 https://bugzilla.mozilla.org/show_bug.cgi?id=1493903 https://security.gentoo.org/glsa/201810-01 https://usn.ubuntu.com/3778-1 https://www.debian.org/security/2018/dsa-4310 https://www.mozilla.org/security/advisories/mfsa2018-24 https://access.redhat.com/security/cve/CVE-2018-12387 https:/&#x • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •