Page 60 of 1834 results (0.038 seconds)

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. En el archivo support.c en pam_tacplus versiones 1.3.8 hasta 1.5.1, el secreto compartido TACACS+ es registrado por medio de syslog si el nivel de registro DEBUG y journald son usados • http://www.openwall.com/lists/oss-security/2020/06/08/1 https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0 https://github.com/kravietz/pam_tacplus/issues/149 https://lists.debian.org/debian-lts-announce/2020/06/msg00007.html https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html https://usn.ubuntu.com/4521-1 https://www.arista.com/en/support/advisories-notices/security-advisories/11705-security-advisory-50 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. La función rom_copy() en el archivo hw/core/loader.c en QEMU versión 4.0 y versión 4.1.0, no comprueba la relación entre dos direcciones, lo que permite a atacantes activar una operación de copia de memoria no válida An out-of-bound write access flaw was found in the way QEMU loads ROM contents at boot time. This flaw occurs in the rom_copy() routine while loading the contents of a 32-bit -kernel image into memory. Running an untrusted -kernel image may load contents at arbitrary memory locations, potentially leading to code execution with the privileges of the QEMU process. • https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e423455c4f23a1a828901c78fe6d03b7dde79319 https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676 https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://security.netapp.com/advisory/ntap-20200619-0006 https://usn.ubuntu.com/4467-1 https://www.openwall.com/lists/oss-security/2020/06/03/6 https://access.redhat.com/security/cve/CVE-2020-13765 • CWE-787: Out-of-bounds Write •

CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. ati-vga en el archivo hw/display/ati.c en QEMU versión 4.2.0, permite a usuarios invitados del Sistema Operativo desencadenar una recursividad infinita por medio de un valor mm_index diseñado durante una llamada de ati_mm_read o ati_mm_write • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html https://cve.openeuler.org/cve#/CVEInfo/CVE-2020-13800 https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00825.html https://security.gentoo.org/glsa/202011-09 https://security.netapp.com/advisory/ntap-20200717-0001 https://usn.ubuntu.com/4467-1 https://www.openwall.com/lists/oss-security/2020/06/04/2 • CWE-674: Uncontrolled Recursion •

CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. El desarrollador de Mozilla, Iain Ireland, detectó una falta de un tipo comprobación durante la eliminación de objetos sin caja, resultando en un bloqueo. Presumimos que con un esfuerzo suficiente podría ser explotado para ejecutar código arbitrario. • https://bugzilla.mozilla.org/show_bug.cgi?id=1639590 https://usn.ubuntu.com/4421-1 https://www.mozilla.org/security/advisories/mfsa2020-20 https://www.mozilla.org/security/advisories/mfsa2020-21 https://www.mozilla.org/security/advisories/mfsa2020-22 https://access.redhat.com/security/cve/CVE-2020-12406 https://bugzilla.redhat.com/show_bug.cgi?id=1843312 • CWE-345: Insufficient Verification of Data Authenticity CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 1

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Cuando se navega una página maliciosa, podría ocurrir una condición de carrera en nuestro SharedWorkerService y conllevar a un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.9.0, Firefox versiones anteriores a 77 y Firefox ESR versiones anteriores a 68.9 The Mozilla Foundation Security Advisory describes this flaw as: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1631618 https://usn.ubuntu.com/4421-1 https://www.mozilla.org/security/advisories/mfsa2020-20 https://www.mozilla.org/security/advisories/mfsa2020-21 https://www.mozilla.org/security/advisories/mfsa2020-22 https://access.redhat.com/security/cve/CVE-2020-12405 https://bugzilla.redhat.com/show_bug.cgi?id=1843313 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •