Page 25 of 1481 results (0.023 seconds)

CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 0

A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges. Se abordó una condición de carrera con una comprobación adicional. Este problema es corregido en tvOS versión 11.2, iOS versión 11.2, macOS High Sierra versión 10.13.2, Security Update 2017-002 Sierra y Security Update 2017-005 El Capitan, watchOS versión 4.2. • https://support.apple.com/en-us/HT208325 https://support.apple.com/en-us/HT208327 https://support.apple.com/en-us/HT208331 https://support.apple.com/en-us/HT208334 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.2EPSS: 20%CPEs: 37EXPL: 0

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). Un URI diseñado que es enviado a httpd configurado como proxy directo (ProxyRequests on) puede causar un fallo (desreferencia de puntero NULL) o, en el caso de configuraciones que mezclan declaraciones de proxy directo e inverso, puede permitir que las peticiones se dirijan a un endpoint de socket de dominio Unix declarado (Server Side Request Forgery). Este problema afecta a Apache HTTP Server versiones 2.4.7 hasta 2.4.51 (incluyéndola) There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Domain Socket requests. • http://httpd.apache.org/security/vulnerabilities_24.html http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/38 http://www.openwall.com/lists/oss-security/2021/12/20/3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO https:// • CWE-476: NULL Pointer Dereference CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 9.8EPSS: 13%CPEs: 35EXPL: 2

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. Un cuerpo de petición cuidadosamente diseñado puede causar un desbordamiento de búfer en el analizador multiparte mod_lua (r:parsebody() llamado desde scripts Lua). El equipo de Apache httpd no presenta constancia de que se presente una explotación para esta vulnerabilidad, aunque podría ser posible diseñar uno. • https://www.exploit-db.com/exploits/51193 https://github.com/nuPacaChi/-CVE-2021-44790 http://httpd.apache.org/security/vulnerabilities_24.html http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/38 http://www.openwall.com/lists/oss-security/2021/12/20/4 https://lists.fedoraproject.org/archives/list/package-announce • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 1

vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable al desbordamiento del búfer en la región Heap de la memoria • http://seclists.org/fulldisclosure/2022/Jul/14 http://seclists.org/fulldisclosure/2022/Mar/29 http://seclists.org/fulldisclosure/2022/May/35 http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD https://lists.fedoraproject.org/archives/list/package& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system. Se abordó un problema de lógica con la administración de estados mejorada. Este problema se ha corregido en macOS Big Sur versión 11.6.2, macOS Monterey versión 12.1, Security Update 2021-008 Catalina, iOS versión 15.2 y iPadOS versión 15.2, watchOS versión 8.3. • https://support.apple.com/en-us/HT212975 https://support.apple.com/en-us/HT212976 https://support.apple.com/en-us/HT212978 https://support.apple.com/en-us/HT212979 https://support.apple.com/en-us/HT212981 •