Page 2 of 42 results (0.015 seconds)

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability. Se encontró un fallo en Django REST Framework versiones anteriores a 3.12.0 y anteriores a 3.11.2.&#xa0;Cuando se usa el visor de la API navegable, Django REST Framework no puede escapar correctamente determinadas cadenas que pueden provenir de la entrada del usuario. • https://bugzilla.redhat.com/show_bug.cgi?id=1878635 https://security.netapp.com/advisory/ntap-20201016-0003 https://www.debian.org/security/2022/dsa-5186 https://access.redhat.com/security/cve/CVE-2020-25626 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability. Se encontró un fallo en Ansible Engine, en ansible-engine versiones 2.8.x anteriores a 2.8.15 y ansible-engine versiones 2.9.x anteriores a 2.9.13, Cuando se instalan paquetes usando el módulo dnf. • https://bugzilla.redhat.com/show_bug.cgi?id=1869154 https://www.debian.org/security/2021/dsa-4950 https://access.redhat.com/security/cve/CVE-2020-14365 • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 1

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. Se encontró un fallo en el kernel de Linux en las versiones posteriores a 4.5-rc1, en la manera en que mremap manejó DAX Huge Pages. Este fallo permite a un atacante local con acceso a un almacenamiento habilitado para DAX escalar sus privilegios en el sistema A flaw was found in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://bugzilla.redhat.com/show_bug.cgi?id=1842525 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9 https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC https://security.netapp.com/advisory/ntap-20200702-0004 https://usn.ubuntu.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685 https://github.com/ansible/ansible/pull/68433 https://security.gentoo.org/glsa/202006-11 https://www.debian.org/security/2021/dsa-4950 https://access.redhat.com/security/cve/CVE-2020-10685 https://bugzilla.redhat.com/show_bug.cgi?id=1814627 • CWE-459: Incomplete Cleanup •

CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 2

A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. Se encontró un fallo en todas las versiones de python-ecdsa anteriores a la versión 0.13.3, donde no se comprobaba correctamente si las firmas usaban codificación DER. Sin esta comprobación, se podría aceptar una firma malformada, haciendo que la firma sea maleable. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859 https://github.com/warner/python-ecdsa/issues/114 https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3 https://pypi.org/project/ecdsa/0.13.3 https://access.redhat.com/security/cve/CVE-2019-14859 https://bugzilla.redhat.com/show_bug.cgi?id=1760843 • CWE-347: Improper Verification of Cryptographic Signature •