Page 37 of 1154 results (0.013 seconds)

CVSS: 4.8EPSS: 0%CPEs: 41EXPL: 2

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronización mediante un ataques de sincronización de canal lateral en la "contención de puertos". A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. • https://www.exploit-db.com/exploits/45785 http://www.securityfocus.com/bid/105897 https://access.redhat.com/errata/RHSA-2019:0483 https://access.redhat.com/errata/RHSA-2019:0651 https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:2125 https://access.redhat.com/errata/RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3931 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •

CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 1

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. Se ha descubierto un problema en Poppler 0.71.0. Hay una fuga de memoria en GfxColorSpace::setDisplayProfile in GfxState.cc, tal y como queda demostrado con pdftocairo. • https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/issues/654 https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://usn.ubuntu.com/4042-1 https://access.redhat.com/security/cve/CVE-2018-18897 https://bugzilla.redhat.com/show_bug.cgi?id=1646546 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. Una vulnerabilidad de desbordamiento de búfer en el cliente dhcp6 de systemd permite que un servidor dhcp6 malicioso sobrescriba memoria dinámica (heap) en systemd-networkd. Las versiones afectadas de systemd son todas hasta la 239 incluida. It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. • http://www.securityfocus.com/bid/105745 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3665 https://access.redhat.com/errata/RHSA-2019:0049 https://github.com/systemd/systemd/pull/10518 https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html https://security.gentoo.org/glsa/201810-10 https://usn.ubuntu.com/3806-1 https://usn.ubuntu.com/3807-1 https://access.redhat.com/security/cve/CVE-2018-15688 https:/&#x • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •

CVSS: 7.2EPSS: 4%CPEs: 11EXPL: 11

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. Se ha descubierto un problema en versiones anteriores a la 1.20.3 de xorg-x11-server. Hay una comprobación incorrecta de permisos para las opciones -modulepath y -logfile al iniciar Xorg. • https://www.exploit-db.com/exploits/45938 https://www.exploit-db.com/exploits/45832 https://www.exploit-db.com/exploits/45922 https://www.exploit-db.com/exploits/45908 https://www.exploit-db.com/exploits/45697 https://www.exploit-db.com/exploits/45742 https://www.exploit-db.com/exploits/46142 https://www.exploit-db.com/exploits/47701 https://github.com/jas502n/CVE-2018-14665 https://github.com/bolonobolo/CVE-2018-14665 http://packetstormsecurity.com/files/154942/ • CWE-271: Privilege Dropping / Lowering Errors CWE-863: Incorrect Authorization •

CVSS: 8.8EPSS: 1%CPEs: 16EXPL: 0

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. El manejo incorrecto de texturas en Angle en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 http://www.securityfocus.com/bid/106168 https://access.redhat.com/errata/RHSA-2018:3004 https://access.redhat.com/errata/RHSA-2018:3831 https://access.redhat.com/errata/RHSA-2018:3833 https://access.redhat.com/errata/RHSA-2019:0159 https://access.redhat.com/errata/RHSA-2019:0160 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/880906 https://lists.debian.org/debian-lts-announce/2018& • CWE-125: Out-of-bounds Read •