Page 43 of 1963 results (0.017 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. GStreamer versiones anteriores a 1.18.4, podría acceder a la memoria ya liberada en rutas de código de error al demultiplexar determinados archivos Matroska malformados • https://bugzilla.redhat.com/show_bug.cgi?id=1945339 https://gstreamer.freedesktop.org/security/sa-2021-0002.html https://lists.debian.org/debian-lts-announce/2021/04/msg00027.html https://security.gentoo.org/glsa/202208-31 https://www.debian.org/security/2021/dsa-4900 https://access.redhat.com/security/cve/CVE-2021-3497 • CWE-416: Use After Free •

CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0

A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS). Una vulnerabilidad de seguridad en el módulo HPE IceWall SSO Domain Gateway Option (Dgfw) versión 10.0 en RHEL 5/6/7, versión 10.0 en HP-UX 11i versión v3, versión 10.0 en Windows y 11.0 en Windows, podría ser explotado remotamente para permitir ataques de tipo cross-site scripting (XSS) • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04086en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en xorg-x11-server en versiones anteriores a 1.20.11. Se puede producir un subdesbordamiento de enteros en xserver que puede conllevar a una escalada de privilegios local. • http://www.openwall.com/lists/oss-security/2021/04/13/1 https://bugzilla.redhat.com/show_bug.cgi?id=1944167 https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY https:/& • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 8.1EPSS: 1%CPEs: 8EXPL: 0

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en Nettle en versiones anteriores a 3.7.2, donde varias funciones de comprobación de firma de Nettle (GOST DSA, EDDSA y ECDSA) resultan en la función de multiplicación del punto Elliptic Curve Cryptography (ECC) ser llamados con escaladores fuera de rango, posiblemente resultando en resultados incorrectos. Este fallo permite a un atacante forzar una firma no válida, causando un fallo de aserción o una posible validación. • https://bugzilla.redhat.com/show_bug.cgi?id=1942533 https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63 https://security.gentoo.org/glsa/202105-31 https://security.netapp.com/advisory/ntap-20211022-0002 https://www.debian.org/security/2021/dsa-4933 https://access.redhat.com/security/cve/CVE-2021-20305 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. Se encontró un fallo de desreferencia de puntero NULL en la manera en que Jasper versiones anteriores a 2.0.27, manejaban las referencias de componentes en el decodificador de formato de imagen JP2. Un archivo de imagen JP2 especialmente diseñado podría causar que una aplicación que usa la biblioteca Jasper se bloquee al abrirse • https://bugzilla.redhat.com/show_bug.cgi?id=1939233 • CWE-476: NULL Pointer Dereference •