Page 55 of 1907 results (0.016 seconds)

CVSS: 6.6EPSS: 0%CPEs: 13EXPL: 1

libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. El archivo libfreerdp/codec/planar.c en FreeRDP versiones posteriores a 1.0 hasta 2.0.0-rc4, presenta una Escritura Fuera de límites. A flaw was found in freerdp in versions between 1.0 and 2.0.0. An out-of-bounds memory write was found in the planar.c function which could allow an attacker to control data sent from the RDP server to the client. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commits/master https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11521 https://bugzilla.redhat.com/show_bu • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 6.6EPSS: 2%CPEs: 13EXPL: 1

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. El archivo libfreerdp/gdi/region.c en FreeRDP versiones posteriores a 1.0 hasta 2.0.0-rc4, presenta un Desbordamiento de Enteros. A flaw was found in FreeRDP in versions between 1.0 and 2.0.0. An integer overflow was found in the region.c function which could allow an attacker the ability to control the RDP server as well as the data sent to the client. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commits/master https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42 https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11523 https://bugzilla.redhat.com/show_bu • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. Una falta de comprobación de entrada en las implementaciones de ar/tar de APT versiones anteriores a 2.1.2, podría resultar en una denegación de servicio al procesar archivos deb especialmente diseñados • https://bugs.launchpad.net/bugs/1878177 https://github.com/Debian/apt/issues/111 https://lists.debian.org/debian-security-announce/2020/msg00089.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6 https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable https://usn.ubuntu.com/4359-1 https://usn.ubuntu.com/4359-2 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 En la función exif_data_save_data_entry del archivo exif-data.c, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales. Es requerida una interacción del usuario para su explotación. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html https://security.gentoo.org/glsa/202007-05 https://source.android.com/security/bulletin/2020-05-01 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-0093 https://bugzilla.redhat.com/show_bug.cgi?id=1852487 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de archivos ARJ en Clam AntiVirus (ClamAV) Software versiones 0.102.2, podría permitir a un atacante no autenticado remoto causar una condición de denegación de servicio sobre un dispositivo afectado. • https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC https://lists.fedoraproject.org/archives/list/package-announce%40lists.f • CWE-20: Improper Input Validation •