Page 2 of 489 results (0.004 seconds)

CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 3

27 Jan 2020 — NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. NetworkManager versiones 0.9.x, no fija un asunto del certificado en un ESSID cuando es usada la autenticación 802.11X. • http://www.openwall.com/lists/oss-security/2010/04/22/2 • CWE-295: Improper Certificate Validation •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

27 Jan 2020 — Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. Una vulnerabilidad de Salto de Ruta Relativa en obs-servi... • https://bugzilla.suse.com/show_bug.cgi?id=1107944 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

23 Jan 2020 — UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. Enlace simbólico de UNIX (Symlink) Siguiendo la vulnerabilidad en el paquete trousers de SUSE Linux Enterprise Server 15 SP1; Los atacantes locales permitidos... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0

24 Jul 2018 — Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does n... • https://www.kb.cert.org/vuls/id/793496 • CWE-345: Insufficient Verification of Data Authenticity CWE-354: Improper Validation of Integrity Check Value •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

17 Aug 2017 — Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. Existe inyección de código en openSUSE al ejecutar algunos servicios de origen empleados en open build service 2.1 anterior al 11 de marzo de 2011. • https://bugzilla.suse.com/show_bug.cgi?id=679325 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1

12 Apr 2017 — Stack-based buffer overflow in game-music-emu before 0.6.1. Desbordamiento de búfer basado en pila en game-music-emu en versiones anteriores a 0.6.1. Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1

12 Apr 2017 — game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. game-music-emu en versiones anteriores a 0.6.1 permite a atacantes remotos escribir en ubicaciones de memoria arbitrarias. Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1

12 Apr 2017 — game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. game-music-emu en versiones anteriores a 0.6.1 permite a los atacantes remotos generar valores fuera de los límites de 8 bits. Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 2%CPEs: 16EXPL: 0

20 Mar 2017 — Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. Desbordamiento de búfer en la función ReadRLEImage en coders/rle.c en ImageMagick 6.8.9.9 permite a atacantes remotos tener impacto no especificado. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0

17 Mar 2017 — distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. distribute-cache.c en ImageMagick vuelve a usar objetos después de haberlos destruido, lo que permite a atacantes remotos tener un impacto no especificado a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html • CWE-913: Improper Control of Dynamically-Managed Code Resources •