Page 30 of 243 results (0.005 seconds)

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. En Qemu 3.0.0, lsi_do_msgin en hw/scsi/lsi53c895a.c permite el acceso fuera de límites desencadenando un valor msg_len inválido. • http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html http://www.openwall.com/lists/oss-security/2018/11/01/1 https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQIBTGNRDQEXGAAYHE4JIWFAYFNHZ6QP https://lists.gnu.org/archive/html • CWE-125: Out-of-bounds Read •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad Cross-Site Scripting (XSS) en el diálogo de enlaces en el editor de la interfaz gráfica de MoinMoin en versiones anteriores a la 1.9.10 permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html http://moinmo.in/SecurityFixes https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024 https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html https://usn.ubuntu.com/3794-1 https://www.debian.org/security/2018/dsa-4318 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce. Una vulnerabilidad de neutralización incorrecta de secuencias CRLF en Open Build Service permite que los atacantes remotos provoquen el borrado de directorios engañando a obs-service-refresh_patches para que los elimine. Las versiones afectadas son openSUSE Open Build Service en versiones anteriores a la d6244245dda5367767efc989446fe4b5e4609cce. • https://bugzilla.suse.com/show_bug.cgi?id=1108189 https://lwn.net/Articles/766535 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •

CVSS: 7.5EPSS: 94%CPEs: 26EXPL: 0

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. "deny-answer-aliases" es una característica poco utilizada que pretende ayudar a los operadores recursivos del servidor a proteger a los usuarios finales contra ataques de reenlace DNS, un método para poder eludir el modelo de seguridad empleado por los navegadores del cliente. Sin embargo, un defecto en esta característica hace que sea sencillo experimentar un fallo de aserción en name.c. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html http://www.securityfocus.com/bid/105055 http://www.securitytracker.com/id/1041436 https://access.redhat.com/errata/RHSA-2018:2570 https://access.redhat.com/errata/RHSA-2018:2571 https://kb.isc.org/docs/aa-01639 https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html https://lists.debian.org/debian-lts-announce/2021/11&#x • CWE-617: Reachable Assertion •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1

An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. Se ha descubierto un problema en aubio 0.4.6. Puede ocurrir una sobrelectura de búfer en new_aubio_pitchyinfft en pitch/pitchyinfft.c, tal y como queda demostrado con aubionotes. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html https://github.com/aubio/aubio/issues/189 • CWE-125: Out-of-bounds Read •