Page 45 of 329 results (0.008 seconds)

CVSS: 7.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2019-14905 – Ansible: malicious code could craft filename in nxos_file_copy module

https://notcve.org/view.php?id=CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. Se detectó una vulnerabilidad en Ansible Engine versiones 2.9.x anteriores a 2.9.3, versiones 2.8.x anteriores a 2.8.8, versiones 2.7.x anteriores a 2.7.16 y anteriores, donde en el módulo nxos_file_copy de Ansible puede ser usado para copiar archivos a una flash o bootflash en dispositivos NXOS. Un código malicioso podría diseñar el parámetro filename para llevar a cabo inyecciones de comandos de Sistema Operativo. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html https://access.redhat.com/errata/RHSA-2020:0216 https://access.redhat.com/errata/RHSA-2020:0218 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14905 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BNCYPQ4BY5QHBCJOAOPANB5FHATW2BR https://access.redhat.com/security/cve/CVE-2019-14905 https://bugzilla.red • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2020-7040

https://notcve.org/view.php?id=CVE-2020-7040

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) El archivo storeBackup.pl en storeBackup versiones hasta 3.5, se basa en el nombre de ruta /tmp/storeBackup.lock, que permite ataques de tipo symlink que posiblemente conllevan a una escalada de privilegios. (Los usuarios locales también pueden crear un archivo simple llamado /tmp/storeBackup.lock para bloquear el uso de storeBackup hasta que un administrador elimine manualmente ese archivo). • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00054.html http://www.openwall.com/lists/oss-security/2020/01/20/3 http://www.openwall.com/lists/oss-security/2020/01/21/2 http://www.openwall.com/lists/oss-security/2020/01/22/2 http://www.openwall.com/lists/oss-security/2020/01/22/3 http://www.openwall.com/lists/oss-security/2020/01/23/1 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-7040 https://lists.debian.org/debian-lts-announ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-18932

https://notcve.org/view.php?id=CVE-2019-18932

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00063.html http://www.openwall.com/lists/oss-security/2020/01/20/6 http://www.openwall.com/lists/oss-security/2020/01/27/1 https://bugzilla.suse.com/show_bug.cgi?id=1150554 https://seclists.org/oss-sec/2020/q1/23 https://security.gentoo.org/glsa/202007-32 https://sourceforge.net/projects/sarg • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.1EPSS: 1%CPEs: 12EXPL: 1

CVE-2020-7106

https://notcve.org/view.php?id=CVE-2020-7106

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). Cacti versión 1.2.8, tiene un vulnerabilidad de tipo XSS almacenado en los archivos data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, y user_group_admin.php, como es demostrado por el parámetro description en el archivo data_sources.php (una cadena sin procesar desde la base de datos que se despliega con $header para activar un ataque de tipo XSS). • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00032.html https://github.com/Cacti/cacti/issues/3191 https://lists.debian.org/debian-lts-announce/2020/01/msg00014.html https://lists • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1

CVE-2020-6377 – chromium-browser: Use after free in audio

https://notcve.org/view.php?id=CVE-2020-6377

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en audio en Google Chrome versiones anteriores a la versión 79.0.3945.117, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html https://access.redhat.com/errata/RHSA-2020:0084 https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html https://crbug.com/1029462 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK https:/ • CWE-416: Use After Free •