Page 27 of 2247 results (0.012 seconds)

CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 1

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. libssh versión 0.9.4, presenta una desreferencia del puntero NULL en el archivo tftpserver.c si la función ssh_buffer_new devuelve NULL A flaw was found in libssh. A NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. • https://bugs.libssh.org/T232 https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238 https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120 https://lists.debian.org/debian-lts-announce/2020/07/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIKQRKXAAB4HMWM62EPZJ4DVBHIIEG6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNW5GBC6JFN76VEWQXMLT5F7VCZ5AJ2E https://security.gentoo.org/glsa/202011-05 https:/ • CWE-476: NULL Pointer Dereference •

CVSS: 6.4EPSS: 0%CPEs: 32EXPL: 0

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. GRUB2 presenta un fallo al comprobar la firma del kernel cuando se inicia directamente sin cuña, permitiendo que el arranque seguro sea omitido. Esto solo afecta a los sistemas en los que el certificado de firma del kernel ha sido importado directamente a la base de datos de arranque seguro y la imagen de GRUB es iniciada directamente sin el uso de cuña. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html http://ubuntu.com/security/notices/USN-4432-1 http://www.openwall.com/lists/oss-security/2020/07/29/3 http://www.openwall.com/lists/oss-security/2021/03/02/3 http://www.openwall.com/lists/oss-security/2021/09/17/2 http://www.openwall.com/lists/oss-security/2021/09/17/4 http://www.openwall.com/lists/oss-security&#x • CWE-347: Improper Verification of Cryptographic Signature CWE-440: Expected Behavior Violation •

CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. GRUB2 contiene una condición de carrera en la función grub_script_function_create() que conlleva a una vulnerabilidad de uso de la memoria previamente liberada la cual puede ser desencadenada al redefinir una función mientras la misma función ya se está ejecutando, conllevando a una ejecución de código arbitrario y a una omisión de restricción de arranque seguro. Este problema afecta a GRUB2 versiones 2.04 y versiones anteriores • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html http://ubuntu.com/security/notices/USN-4432-1 http://www.openwall.com/lists/oss-security/2020/07/29/3 https://access.redhat.com/security/vulnerabilities/grub2bootloader https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011 https://security.gentoo.org/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. Al observar el seguimiento de la pila de errores de JavaScript en los trabajadores web, fue posible filtrar el resultado de un redireccionamiento de origen cruzado. Esto se aplica solo al contenido que puede ser analizado como script. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html https://bugzilla.mozilla.org/show_bug.cgi?id=1634872 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-31 https://www.mozilla.org/security/advisories/mfsa2020-32 https://www.mozill • CWE-209: Generation of Error Message Containing Sensitive Information CWE-346: Origin Validation Error •

CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. Los desarrolladores de Mozilla y los miembros de la comunidad informaron bugs de seguridad de la memoria presentes en Firefox versión 78 y Firefox ESR versión 78.0. Algunos de estos bugs mostraron evidencia de corrupción de la memoria y suponemos que con un suficiente esfuerzo algunos de ellos podrían haberse explotado para ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=1550133%2C1633880%2C1643613%2C1644839%2C1645835%2C1646006%2C1646787%2C1649347%2C1650811%2C1651678 https://usn.ubuntu.com/4443-1 https://www.mozilla.org/security/advisories/mfsa2020-30 https://www.mozilla.org/security/advisories/mfsa2020-31 https • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •