Page 126 of 3272 results (0.014 seconds)

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-11669 – kernel: powerpc: guest can cause DoS on POWER9 KVM hosts

https://notcve.org/view.php?id=CVE-2020-11669

An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. Se detectó un problema en el kernel de Linux versiones anteriores a 5.2, en la plataforma powerpc. El archivo arch/powerpc/kernel/idle_book3s.S no posee la funcionalidad de guardar y restaurar para PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR y PNV_POWERSAVE_AMOR, también se conoce como CID-53a712bae5dd. A flaw was found in the way Linux kernel running on the Power9 processor saves and restores its registers while going in and coming out of an idle state. The issue occurs when a guest kernel has Kernel Userspace Address Protection (KUAP) feature enabled. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html https://access.redhat.com/errata/RHSA-2019:3517 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=53a712bae5dd919521a58d7bad773b949358add0 https://github.com/torvalds/linux/commit/53a712bae5dd919521a58d7bad773b949358add0 https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208660.html https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April • CWE-393: Return of Wrong Status Code •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2019-20637 – varnish: not clearing pointer between two client requests leads to information disclosure

https://notcve.org/view.php?id=CVE-2019-20637

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. Se detectó un problema en Varnish Cache versiones anteriores a 6.0.5 LTS, versiones 6.1.x y versiones 6.2.x anteriores a 6.2.2 y versiones 6.3.x anteriores a 6.3.1. No borra un puntero entre el manejo de una petición de cliente y la siguiente petición dentro de la misma conexión. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html http://varnish-cache.org/security/VSV00004.html#vsv00004 https://access.redhat.com/security/cve/CVE-2019-20637 https://bugzilla.redhat.com/show_bug.cgi?id=1772362 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-11653 – varnish: remote clients may cause Varnish to assert and restart which could result in DoS

https://notcve.org/view.php?id=CVE-2020-11653

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. Se detectó un problema en Varnish Cache versiones anteriores a 6.0.6 LTS, versiones 6.1.x y versiones 6.2.x anteriores a 6.2.3 y versiones 6.3.x anteriores a 6.3.2. Se presenta cuando la comunicación con un proxy de terminación TLS usa PROXY versión 2. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html https://varnish-cache.org/security/VSV00005.html#vsv00005 https://access.redhat.com/security/cve/CVE-2020-11653 https://bugzilla.redhat.com/show_bug.cgi?id=1813867 • CWE-400: Uncontrolled Resource Consumption CWE-617: Reachable Assertion •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2020-6451 – chromium-browser: Use after free in WebAudio

https://notcve.org/view.php?id=CVE-2020-6451

Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada de WebAudio en Google Chrome versiones anteriores a 80.0.3987.162, permitió a un atacante remoto explotar potencialmente una corrupción de la pila (heap) por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html https://crbug.com/1061018 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMXT4OKBMCJSNSX7TZDBJNY6ORKFZRFO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQTV7EFWQKF6VJBCVH4PUQJLGO7ISLTN https://access.red • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2020-6450 – chromium-browser: Use after free in WebAudio

https://notcve.org/view.php?id=CVE-2020-6450

Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada de WebAudio en Google Chrome versiones anteriores a 80.0.3987.162, permitió a un atacante remoto explotar potencialmente una corrupción de la pila (heap) por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html https://crbug.com/1062247 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMXT4OKBMCJSNSX7TZDBJNY6ORKFZRFO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQTV7EFWQKF6VJBCVH4PUQJLGO7ISLTN https://access.red • CWE-416: Use After Free •