Page 6 of 32 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. La librería de cliente Java de Apache Thrift, desde la versión 0.5.0 hasta la 0.11.0, puede omitir la validación de la negociación de SASL "isComplete" en la clase org.apache.thrift.transport.TSaslTransport. Una aserción utilizada para determinar si el handshake SASL se ha completado de manera exitosa podría deshabilitarse en los ajustes de producción, prohibiendo que la validación se complete. • http://www.openwall.com/lists/oss-security/2019/07/24/3 http://www.securityfocus.com/bid/106551 https://access.redhat.com/errata/RHSA-2019:2413 https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9%40%3Cdevnull.infra.apache.org%3E https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d%40%3Ccommits.cassandra.apache.org%3E https://lists.apa • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. La función demangle_template en cplus-dem.c en GNU libiberty, como se distribuyó en la versión 2.31.1, tiene una fuga de memoria mediante una cadena manipulada, provocando una denegación de servicio (consumo de memoria), tal y como queda demostrado con cxxfilt. Este problema está relacionado con CVE-2018-12698. • http://www.securityfocus.com/bid/106444 https://access.redhat.com/errata/RHSA-2019:3352 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539 https://support.f5.com/csp/article/K62602089 https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. La función _bfd_generic_read_minisymbols en syms.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31, tiene una fuga de memoria mediante un archivo ELF manipulado, que conduce a una denegación de servicio (consumo de memoria), tal y como queda demostrado con nm. • http://www.securityfocus.com/bid/106142 https://security.gentoo.org/glsa/201908-01 https://security.netapp.com/advisory/ntap-20190221-0004 https://sourceware.org/bugzilla/show_bug.cgi?id=23952 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9 https://support.f5.com/csp/article/K62602089 https://usn.ubuntu.com/4336-1 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.8EPSS: 74%CPEs: 127EXPL: 0

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/104976 http://www.securitytracker.com/id/1041424 http://www.securitytracker.com/id/1041434 https://access.redhat.co • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. La implementación de RSA-CRT en Cavium Software Development Kit (SDK) 2.x cuando es utilizada en Hardware OCTEON II CN6xxx en Linux para soporte TLS con Perfect Forward Secrecy (PFS), facilita a atacantes remotos obtener claves RSA privadas llevando a cabo un ataque de canal lateral Lenstra. • http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •