Page 34 of 366 results (0.021 seconds)

CVSS: 9.8EPSS: 87%CPEs: 174EXPL: 1

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se deserializa, puede ejecutar código arbitrario. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. • https://github.com/pimps/CVE-2017-5645 http://www.openwall.com/lists/oss-security/2019/12/19/2 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/97702 http://www.securitytracker.com/id/1040200 http://www.securit • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.9EPSS: 10%CPEs: 47EXPL: 0

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8. Una consulta con un conjunto determinado de características podría provocar que un servidor que emplea DNS64 se encuentre con un fallo de aserción y termine. Un atacante podría construir deliberadamente una consulta, habilitando una denegación de servicio (DoS) contra un servidor si está configurado para emplear la característica DNS64 y se cumplen otras precondiciones. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html http://www.securityfocus.com/bid/97653 http://www.securitytracker.com/id/1038259 https://access.redhat.com/errata/RHSA-2017:1095 https://access.redhat.com/errata/RHSA-2017:1105 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us https://kb.isc.org/docs/aa-01465 https://security.gentoo. • CWE-617: Reachable Assertion •

CVSS: 7.5EPSS: 22%CPEs: 39EXPL: 0

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. Las asunciones equivocadas sobre el orden de los registros en la sección de respuesta de una respuesta que contiene registros de recursos CNAME o DNAME podría conducir a una situación en la que named se cerraría con un fallo de aserción al procesar una respuesta en la que los registros ocurrieron en un orden inusual. Afecta a BIND en versiones 9.9.9-P6, desde la versión 9.9.10b1 hasta la 9.9.10rc1, la versión 9.10.4-P6, desde la versión 9.10.5b1 hasta la 9.10.5rc1, la versión 9.11.0-P3, desde la versión 9.11.1b1 hasta la 9.11.1rc1 y en la versión 9.9.9-S8. A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. • http://www.securityfocus.com/bid/97651 http://www.securitytracker.com/id/1038258 http://www.securitytracker.com/id/1040195 https://access.redhat.com/errata/RHSA-2017:1095 https://access.redhat.com/errata/RHSA-2017:1105 https://access.redhat.com/errata/RHSA-2017:1582 https://access.redhat.com/errata/RHSA-2017:1583 https://kb.isc.org/docs/aa-01466 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180802-0002 https://www.debian.org& • CWE-617: Reachable Assertion •

CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 1

JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. JasPer, en versiones anteriores a la 2.0.12, es vulnerable a un uso de memoria previamente liberada en la forma en la que descifra ciertos archivos de imagen JPEG 2000. Esto resulta en un cierre inesperado de la aplicación que esté usando JasPer. A use-after-free flaw was found in the way JasPer, before version 2.0.12, decode certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. • http://www.securityfocus.com/bid/94952 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1406405 https://security.gentoo.org/glsa/201707-07 https://www.debian.org/security/2017/dsa-3827 https://access.redhat.com/security/cve/CVE-2016-9591 • CWE-416: Use After Free •

CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 2

An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. Se ha detectado una vulnerabilidad de lectura fuera de límites en OpenJPEG 2.1.2, en la herramienta j2k_to_image. La conversión de un archivo JPEG2000 especialmente manipulado a otro formato podría provocar que la aplicación se cierre inesperadamente o, potencialmente, revele algunos datos de la memoria dinámica (heap). An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. • http://rhn.redhat.com/errata/RHSA-2017-0838.html http://www.securityfocus.com/bid/97073 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573 https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d https://github.com/uclouvain/openjpeg/issues/862 https://security.gentoo.org/glsa/201710-26 https://www.debian.org/security/2017/dsa-3768 https://access.redhat.com/security/cve/CVE-2016-9573 https://bugzilla.redhat.com/show_bug.cgi?id=1402711 • CWE-125: Out-of-bounds Read •