Page 18 of 3891 results (0.004 seconds)

CVSS: 3.8EPSS: 0%CPEs: 5EXPL: 0

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service. En QEMU versiones hasta 5.0.0, se encontró un desbordamiento de enteros en la implementación del controlador de pantalla SM501. Este fallo ocurre en la macro COPY_AREA al manejar operaciones de escritura MMIO por medio de la devolución de llamada de sm501_2d_engine_write(). • https://bugzilla.redhat.com/show_bug.cgi?id=1808510 https://usn.ubuntu.com/4467-1 https://www.debian.org/security/2020/dsa-4760 • CWE-190: Integer Overflow or Wraparound •

CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0

oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. La función oss_write en el archivo audio/ossaudio.c en QEMU versiones anteriores a 5.0.0, maneja inapropiadamente una posición de búfer • https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7a4ede0047a8613b0e3b72c9d351038f013dd357 https://usn.ubuntu.com/4467-1 • CWE-369: Divide By Zero •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. Net-SNMP versiones hasta 5.7.3, permite una Escalada de Privilegios debido al seguimiento de un enlace simbólico (symlink) de UNIX. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599 https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602 https://github.com/net-snmp/net-snmp/issues/145 https://security.gentoo.org/glsa/202008-12 https://security.netapp.com/advisory/ntap-20200904-0001 https://usn.ubuntu.com/4471-1 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 2

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. Se detectó un fallo de desreferencia de puntero null en el subsistema cgroupv2 del kernel de Linux en versiones anteriores a 5.7.10, en la manera de reiniciar el sistema. Un usuario local podría usar este fallo para bloquear el sistema o escalar sus privilegios en el sistema. A use-after-free flaw was found in the Linux kernel’s cgroupv2 subsystem when rebooting the system. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html https://bugzilla.kernel.org/show_bug.cgi?id=208003 https://bugzilla.redhat.com/show_bug.cgi?id=1868453 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lore.kernel.org/netdev/C • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. Net-SNMP versiones hasta 5.7.3, presenta una Administración de Privilegios Inapropiada porque el acceso de SNMP WRITE en el EXTEND MIB provee la capacidad de ejecutar comandos arbitrarios como root. A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166 https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205 https://salsa.debian.org/debian/net-snmp/-/commit/fad8725402752746daf0a751dcff19eb6aeab52e https://security-tracker.debian.org/tracker/CVE-2020-15862 https://security.gentoo.org/glsa/202008-12 https://security.netapp.com/advisory/ntap-20200904-0001 https://usn.ubuntu.com/4471-1 https://access.redhat.com/security/cve/CVE-2020-15862 https://bugzilla.redhat.co • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •