Page 21 of 441 results (0.009 seconds)

CVSS: 7.5EPSS: 2%CPEs: 9EXPL: 0

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. Se encontró un fallo en OpenLDAP en versiones anteriores a 2.4.56. Este fallo permite a un atacante que envía un paquete malicioso procesado por OpenLDAP forzar una afirmación fallida en la función csnNormalize23(). • https://bugzilla.redhat.com/show_bug.cgi?id=1899678 https://git.openldap.org/openldap/openldap/-/commit/ab3915154e69920d480205b4bf5ccb2b391a0a1f#a2feb6ed0257c21c6672793ee2f94eaadc10c72c https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/12/msg00008.html https://security.netapp.com/advisory/ntap-20210716- • CWE-617: Reachable Assertion •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. Se encontró un problema de división por cero en libvncserver-0.9.12. Un cliente malicioso podría usar este fallo para enviar un mensaje especialmente diseñado que, cuando se procesaba mediante el servidor VNC, conduciría a una excepción de punto flotante, resultando en una denegación de servicio A divide by zero flaw was found in libvncserver. This flaw allows a malicious client to send a specially crafted message that, when processed by the VNC server, leads to a floating-point exception, resulting in a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1896739 https://lists.debian.org/debian-lts-announce/2022/09/msg00035.html https://access.redhat.com/security/cve/CVE-2020-25708 • CWE-369: Divide By Zero •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. Se encontró una desreferencia de puntero NULL en el servidor OpenLDAP y se corrigió en openldap versión 2.4.55, durante una petición para cambiar el nombre de los RDN. Un atacante no autenticado podría bloquear remotamente el proceso slapd al enviar una petición especialmente diseñada, causando una Denegación de Servicio A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1894567 https://security.netapp.com/advisory/ntap-20210108-0006 https://access.redhat.com/security/cve/CVE-2020-25692 • CWE-476: NULL Pointer Dereference •

CVSS: 6.6EPSS: 0%CPEs: 15EXPL: 0

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. Se encontraron múltiples vulnerabilidades de desbordamiento de búfer en el proceso de decodificación de imágenes QUIC del sistema de visualización remota SPICE, versiones anteriores a spice-0.14.2-1. Tanto el cliente SPICE (spice-gtk) como el servidor están afectados por estos defectos. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00001.html https://bugzilla.redhat.com/show_bug.cgi?id=1868435 https://lists.debian.org/debian-lts-announce/2020/11/msg00001.html https://lists.debian.org/debian-lts-announce/2020/11/msg00002.html https://usn.ubuntu.com/4572-1 https://usn.ubuntu.com/4572-2 https://www.debian.org/security/2020/dsa-4771 https://www.openwall.com/lists/oss • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en xorg-x11-server versiones anteriores a 1.20.9. Un subdesbordamiento de enteros en la decodificación del protocolo de extensión de entrada X en el servidor X puede conllevar a un acceso arbitrario al contenido de la memoria. • https://bugzilla.redhat.com/show_bug.cgi?id=1862246 https://lists.x.org/archives/xorg-announce/2020-August/003058.html https://security.gentoo.org/glsa/202012-01 https://usn.ubuntu.com/4488-2 https://www.zerodayinitiative.com/advisories/ZDI-20-1417 https://access.redhat.com/security/cve/CVE-2020-14346 • CWE-191: Integer Underflow (Wrap or Wraparound) •