Page 28 of 547 results (0.016 seconds)

CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0

A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. Se encontró una vulnerabilidad en Linux Kernel, donde se encontró un desbordamiento de pila en la función mwifiex_set_wmm_params () del controlador Marvell Wifi. A vulnerability found in the Linux kernel's WMM implementation for Marvell WiFi-based hardware (mwifiex) could lead to a denial of service or allow arbitrary code execution. For this flaw to be executed, the attacker must be both local and privileged. There is no mitigation to this flaw. • https://access.redhat.com/errata/RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0339 https://access.redhat.com/security/cve/cve-2019-14815 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815 https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com https:&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.4EPSS: 0%CPEs: 32EXPL: 1

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle. Se detectó un fallo en la implementación de la política OCSP "Leaf and Chain" en las versiones de CryptoManager de JSS versiones posteriores a 4.4.6, 4.5.3, 4.6.0, donde confiaba implícitamente en el certificado raíz de una cadena de certificados. Es posible que las aplicaciones que utilizan esta política no verifiquen correctamente la cadena y puedan ser vulnerables a ataques de tipo Man in the Middle. A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager, where it implicitly trusted the root certificate of a certificate chain. • https://access.redhat.com/errata/RHSA-2019:3067 https://access.redhat.com/errata/RHSA-2019:3225 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEN4DQBE6WOGEP5BQ5X62WZM7ZQEEBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZZWZLNALV6AOIBIHB3ZMNA5AGZMZAIY https:& • CWE-295: Improper Certificate Validation CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 5.2EPSS: 0%CPEs: 17EXPL: 0

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server Se detectó un error en wildfly-core en versiones anteriores a la 7.2.5.GA. Los usuarios de administración con funciones de monitor, auditor e implementador no deberían poder modificar el estado de tiempo de ejecución del servidor It was found that Wildfly users had default user permissions set incorrectly. A malicious user could use this flaw to access unauthorized controls for the application server. • https://access.redhat.com/errata/RHSA-2019:3082 https://access.redhat.com/errata/RHSA-2019:3083 https://access.redhat.com/errata/RHSA-2019:4018 https://access.redhat.com/errata/RHSA-2019:4019 https://access.redhat.com/errata/RHSA-2019:4020 https://access.redhat.com/errata/RHSA-2019:4021 https://access.redhat.com/errata/RHSA-2019:4040 https://access.redhat.com/errata/RHSA-2019:4041 https://access.redhat.com/errata/RHSA-2019:4042 https://access.redhat.com/errata/RHSA • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •

CVSS: 9.8EPSS: 1%CPEs: 19EXPL: 0

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. Se detectó un problema de Escritura Polimórfica en FasterXML jackson-databind versiones anteriores a 2.9.10. Está relacionado con net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. • https://access.redhat.com/errata/RHSA-2019:3200 https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10 https://github.com/FasterXML/jackson-databind/issues/2460 https://lists.apache.or • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 0%CPEs: 65EXPL: 0

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. Se descubrió un problema de escritura polimórfica en FasterXML jackson-databind versión 2.0.0 hasta 2.9.10. Cuando la Escritura Predeterminada está habilitada (tanto globalmente o para una propiedad específica) para un end point JSON expuesto externamente y el servicio posee el jar commons-dbcp (versión 1.4) en el classpath, y un atacante puede encontrar un end point de servicio RMI para acceder, es posible lograr que el servicio ejecute una carga maliciosa. • https://access.redhat.com/errata/RHSA-2019:3901 https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://github.com/FasterXML/jackson-databind/issues/2478 https://issues.apache.org/jira/browse/GEODE-7255 https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •