Page 27 of 426 results (0.012 seconds)

CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 2

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. Un script postinstall en el dovecot rpm, permite a usuarios locales leer el contenido de los archivos de clave SSL/TLS recientemente creados. • http://lists.opensuse.org/opensuse-updates/2016-11/msg00096.html https://bugzilla.redhat.com/show_bug.cgi?id=1346055 https://bugzilla.suse.com/show_bug.cgi?id=984639 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0

Cache Poisoning issue exists in DNS Response Rate Limiting. Existe Un problema de envenenamiento de caché en el DNS Response Rate Limiting. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661 https://security-tracker.debian.org/tracker/CVE-2013-5661 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0

A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. Se encontró una vulnerabilidad en Linux Kernel, donde se encontró un desbordamiento de pila en la función mwifiex_set_wmm_params () del controlador Marvell Wifi. A vulnerability found in the Linux kernel's WMM implementation for Marvell WiFi-based hardware (mwifiex) could lead to a denial of service or allow arbitrary code execution. For this flaw to be executed, the attacker must be both local and privileged. There is no mitigation to this flaw. • https://access.redhat.com/errata/RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0339 https://access.redhat.com/security/cve/cve-2019-14815 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815 https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com https:&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.4EPSS: 0%CPEs: 32EXPL: 1

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle. Se detectó un fallo en la implementación de la política OCSP "Leaf and Chain" en las versiones de CryptoManager de JSS versiones posteriores a 4.4.6, 4.5.3, 4.6.0, donde confiaba implícitamente en el certificado raíz de una cadena de certificados. Es posible que las aplicaciones que utilizan esta política no verifiquen correctamente la cadena y puedan ser vulnerables a ataques de tipo Man in the Middle. A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager, where it implicitly trusted the root certificate of a certificate chain. • https://access.redhat.com/errata/RHSA-2019:3067 https://access.redhat.com/errata/RHSA-2019:3225 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEN4DQBE6WOGEP5BQ5X62WZM7ZQEEBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZZWZLNALV6AOIBIHB3ZMNA5AGZMZAIY https:& • CWE-295: Improper Certificate Validation CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 5.2EPSS: 0%CPEs: 17EXPL: 0

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server Se detectó un error en wildfly-core en versiones anteriores a la 7.2.5.GA. Los usuarios de administración con funciones de monitor, auditor e implementador no deberían poder modificar el estado de tiempo de ejecución del servidor It was found that Wildfly users had default user permissions set incorrectly. A malicious user could use this flaw to access unauthorized controls for the application server. • https://access.redhat.com/errata/RHSA-2019:3082 https://access.redhat.com/errata/RHSA-2019:3083 https://access.redhat.com/errata/RHSA-2019:4018 https://access.redhat.com/errata/RHSA-2019:4019 https://access.redhat.com/errata/RHSA-2019:4020 https://access.redhat.com/errata/RHSA-2019:4021 https://access.redhat.com/errata/RHSA-2019:4040 https://access.redhat.com/errata/RHSA-2019:4041 https://access.redhat.com/errata/RHSA-2019:4042 https://access.redhat.com/errata/RHSA • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •