Page 40 of 446 results (0.032 seconds)

CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 3

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. Una implementación inapropiada en WebRTC en Google Chrome versiones anteriores a 84.0.4147.89, permitió a un atacante en una posición de red privilegiada potencialmente explotar una corrupción de la pila por medio de un flujo SCTP diseñado • https://github.com/hasan-khalil/CVE-2020-6514 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html http:/&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 1

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection." evolution-data-server (eds) versiones hasta 3.36.3, presenta un problema de almacenamiento en búfer STARTTLS que afecta a SMTP y POP3. Cuando un servidor envía una respuesta "begin TLS", eds lee datos adicionales y los evalúa en un contexto TLS, también se conoce como "response injection" • https://bugzilla.suse.com/show_bug.cgi?id=1173910 https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226 https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG https://sec • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum. La gema kramdown versiones anteriores a 2.3.0 para Ruby procesa la opción de plantilla dentro de los documentos de Kramdown por defecto, lo que permite el acceso de lectura no deseada (tal y como template="/etc/passwd") o la ejecución de código Ruby insertado no previsto (tal y como una cadena que comienza con template="string://(%= "). NOTA: kramdown es usado en Jekyll, GitLab Pages, GitHub Pages y Thredded Forum • https://github.com/gettalong/kramdown https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0 https://kramdown.gettalong.org https://kramdown.gettalong.org/news.html https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2%40%3Cnotifications.fluo.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html https://lists.fedoraproject.org/archives/list/package-announ • CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 2%CPEs: 9EXPL: 0

A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de archivo EGG en Clam AntiVirus (ClamAV) Software versiones 0.102.0 - 0.102.3, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio en un dispositivo afectado. • https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN https://security.gentoo.org/glsa/202007-23 https://usn.ubuntu.com/4435-1 https://usn.ubuntu.com/4435-2 • CWE-476: NULL Pointer Dereference •

CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0

cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659. cloud-init administrado por snapd en los dispositivos Ubuntu Core 16 y Ubuntu Core 18, se ejecutó sin restricciones en cada arranque, que un atacante físico podría explotar mediante el diseño de user-data/meta-data de cloud-init por medio de medios externos para llevar a cabo cambios arbitrarios en el dispositivo para omitir los mecanismos de seguridad previstos, como el cifrado de disco completo. Este problema no afectó a los sistemas tradicionales de Ubuntu. Se corrigió en snapd versión 2.45.2, revisión 8539 y core versión 2.45.2, revisión 9659 • https://launchpad.net/bugs/1879530 https://ubuntu.com/USN-4424-1 • CWE-264: Permissions, Privileges, and Access Controls •