Page 45 of 1833 results (0.027 seconds)

CVSS: 9.0EPSS: 32%CPEs: 47EXPL: 21

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. En Sudo anteriores a 1.8.28, un atacante con acceso a una cuenta Runas ALL sudoer puede omitir ciertas listas negras de políticas y módulos PAM de sesión, y puede causar un registro incorrecto, mediante la invocación sudo con un ID de usuario creado. Por ejemplo, esto permite la omisión de la configuración root y el registro USER= para un comando "sudo -u \#$((0xffffffff))". • https://www.exploit-db.com/exploits/47502 https://github.com/n0w4n/CVE-2019-14287 https://github.com/shallvhack/Sudo-Security-Bypass-CVE-2019-14287 https://github.com/CMNatic/Dockerized-CVE-2019-14287 https://github.com/axax002/sudo-vulnerability-CVE-2019-14287 https://github.com/N3rdyN3xus/CVE-2019-14287 https://github.com/DewmiApsara/CVE-2019-14287 https://github.com/MariliaMeira/CVE-2019-14287 https://github.com/edsonjt81/CVE-2019-14287- https://github.com/SachinthaDeSilva-cmd& • CWE-267: Privilege Defined With Unsafe Actions CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 9.1EPSS: 2%CPEs: 6EXPL: 0

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. La biblioteca libaspell.a en GNU Aspell versiones anteriores a 0.60.8, presenta una lectura excesiva del búfer en la región stack de la memoria en la función acommon::unescape en el archivo common/getdata.cpp por medio de un carácter \ aislado. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109 https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e https://github.com/GNUAspell/aspell/compare/rel-0.60.7...rel-0.60.8 https://lists.debian.org/debian-lts-announce/2019/10/msg00027.html https://lists.debian.org/debian-lts-announce/2021/07/msg00021.html https://usn.ubuntu.com/4155-1 https://usn.ubuntu.com/4155-2 https://www.debian.org/security/2021/dsa-4948 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 2

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. Libntlm versiones hasta 1.5, se basa en un tamaño de búfer fijo para operaciones de lectura y escritura de las funciones tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge y tSmbNtlmAuthResponse, como es demostrado por una lectura excesiva de búfer en la región heap de la memoria en la función buildSmbNtlmAuthRequest en el archivo smbutil.c para una petición NTLM especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00032.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942145 https://gitlab.com/jas/libntlm/issues/2 https://lists.debian.org/debian-lts-announce/2020/05/msg00010.html https://lists.debian.org/debian-lts-announce/2021/11/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BVFO3OVJPMSGIXBKNOCVOJZ3UTGZQF5 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. En el kernel de Linux versiones hasta 5.3.2, la función cfg80211_mgd_wext_giwessid en el archivo net/wireless/wext-sme.c no rechaza un SSID IE largo, conllevando a un Desbordamiento de Búfer. A vulnerability was found in the Linux kernel's generic WiFi ESSID handling implementation. The flaw allows a system to join a wireless network where the ESSID is longer than the maximum length of 32 characters, which can cause the system to crash or execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://access.redhat.com/errata/RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0374 https://access.redhat.com/errata/RHSA-2020:0375 https://access.redhat.com/errata/RHSA-2020:0543 https://access.redhat.com/errata/RHSA-2020:0592 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. En el archivo sf-pcapng.c en libpcap versiones anteriores a 1.9.1, no comprueba apropiadamente la longitud del encabezado PHB antes de asignar la memoria. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6 https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html htt • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •