Page 22 of 167 results (0.036 seconds)

CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." En SQLite versiones hasta 3.29.0, la función whereLoopAddBtreeIndex en el archivo sqlite3.c puede bloquear un navegador u otra aplicación debido a la falta de comprobación de un campo sqlite_stat1 sz, también se conoce como "severe division by zero in the query planner.". • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2 https://security.gentoo.org/glsa/202003-16 https://security.netapp.com/advisory/ntap-20190926-0003 https:/& • CWE-369: Divide By Zero •

CVSS: 7.8EPSS: 0%CPEs: 43EXPL: 22

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. En el kernel de Linux anterior a versión 5.1.17, ptrace_link en el archivo kernel/ptrace.c maneja inapropiadamente la grabación de las credenciales de un proceso que desea crear una relación de ptrace, que permite a los usuarios locales obtener acceso de root aprovechando determinados escenarios con un relación de proceso padre-hijo, donde un padre elimina los privilegios y llama a execve (permitiendo potencialmente el control por parte de un atacante). • https://www.exploit-db.com/exploits/47133 https://www.exploit-db.com/exploits/47163 https://www.exploit-db.com/exploits/50541 https://www.exploit-db.com/exploits/47543 https://github.com/jas502n/CVE-2019-13272 https://github.com/Cyc1eC/CVE-2019-13272 https://github.com/oneoy/CVE-2019-13272 https://github.com/polosec/CVE-2019-13272 https://github.com/MDS1GNAL/ptrace_scope-CVE-2019-13272-privilege-escalation https://github.com/datntsec/CVE-2019-13272 https://github • CWE-271: Privilege Dropping / Lowering Errors •

CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 1

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855. En libssh2 anterior a la versión 1.9.0, el archivo kex_method_diffie_hellman_group_exchange_sha256_key_exchange en kex.c presenta un desbordamiento de enteros que podría conllevar a una escritura fuera de límites en la manera en que se leen los paquetes desde el servidor. Un atacante remoto que comprometa un servidor SSH puede ejecutar código en el sistema cliente cuando un usuario se conecta al servidor. • http://packetstormsecurity.com/files/172834/libssh2-1.8.2-Out-Of-Bounds-Read.html https://blog.semmle.com/libssh2-integer-overflow https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa https://github.com/libssh2/libssh2/pull/350 https://libssh2.org/changes.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E http • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 31EXPL: 0

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. libxslt hasta la versión 1.1.33 permite omitir los mecanismos de protección debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso después de recibir el código de error -1. xsltCheckRead puede devolver -1 para una URL creada que no es realmente inválida y que se carga posteriormente. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html http://www.openwall.com/lists/oss-security/2019/04/22/1 http://www.openwall.com/lists/oss-security/2019/04/23/5 https • CWE-284: Improper Access Control •

CVSS: 8.3EPSS: 0%CPEs: 19EXPL: 0

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104781 http://www.securitytracker.com/id/1041302 https://security.netapp.com/advisory/ntap-20180726-0001 •