Page 126 of 740 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. En ksh versión 20120801, se detectó un fallo en la manera que evalúa determinadas variables de entorno. Un atacante podría usar este fallo para anular u omitir unas restricciones del entorno para ejecutar comandos de shell. • http://seclists.org/fulldisclosure/2020/May/53 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868 https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2 https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html https://support.apple.com/kb/HT211170 https://access.redhat.com/security/cve/CVE-2019-14868 https://bugzilla.redhat.com/show_bug.cgi?id=1757324 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 3.1EPSS: 0%CPEs: 15EXPL: 1

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. Se detectó un problema en los dispositivos cliente de Broadcom Wi-Fi. Específicamente un tráfico diseñado minuciosamente y sincronizado puede causar errores internos (relacionados con las transiciones de estado) en un dispositivo WLAN que conllevan a un cifrado de Wi-Fi de Capa 2 inapropiado con una consiguiente posibilidad de divulgación de información por medio del aire para un conjunto de tráfico discreto, una vulnerabilidad diferente de CVE-2019-9500, CVE-2019-9501, CVE-2019-9502 y CVE-2019-9503. • https://www.exploit-db.com/exploits/48233 http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001 https:&# • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory. Se abordó una lectura fuera de límites con una comprobación de entrada mejorada. Este problema es corregido en macOS Catalina versión 10.15.3. • https://support.apple.com/HT210919 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con un manejo de memoria mejorado. Este problema es corregido en macOS Catalina versión 10.15.3. • https://support.apple.com/HT210919 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Se abordó un problema de corrupción de la memoria con una comprobación de entrada mejorada. Este problema es corregido en macOS Catalina versión 10.15.3. • https://support.apple.com/HT210919 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •