Page 61 of 1393 results (0.018 seconds)

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. El sistema de archivos Gluster hasta las versiones 3.12 y 4.1.4 es vulnerable a un desbordamiento de búfer basado en memoria dinámica (heap) en la función "__server_getspec" mediante el mensaje RPC "gf_getspec_req". Un atacante remoto autenticado podría explotar esta vulnerabilidad para provocar una denegación de servicio (DoS) u otro impacto sin especificar. A buffer overflow on the heap was found in gf_getspec_req RPC request. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14653 https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14653 https://bugzilla.redhat.com/show_bug.cg • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. El sistema de archivos Gluster hasta la versión 4.1.4 es vulnerable al abuso del traductor "features/index". Un atacante remoto con acceso a los volúmenes de montaje podría explotar esta vulnerabilidad mediante el xaatrop "GF_XATTROP_ENTRY_IN_KEY" para crear archivos arbitrarios vacíos en el servidor objetivo. A flaw was found in the way glusterfs server handles client requests. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654 https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14654 https://bugzilla.redhat.com/show_bug.cgi?id=1631576 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. Conteo de referencias incorrecto en AppCache en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto realizase un escape del sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/888926 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17462 https://bugzilla.redhat.com/show_bug.cgi?id=1640098 • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. La colocación incorrecta de diálogos en Cast UI en Google Chrome en versiones anteriores a la 70.0.3538.67 permitía que un atacante remoto ocultase la advertencia total de pantalla mediante una página HTML manipulada. • http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/812769 https://security.gentoo.org/glsa/201811-10 https://www.debian.org/security/2018/dsa-4330 https://access.redhat.com/security/cve/CVE-2018-17476 https://bugzilla.redhat.com/show_bug.cgi?id=1640113 •

CVSS: 8.8EPSS: 97%CPEs: 5EXPL: 5

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Anotación de efecto secundario en V8 en Google Chrome en versiones anteriores a la 70.0.3538.64 permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada. Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://www.exploit-db.com/exploits/48184 https://github.com/jhalon/CVE-2018-17463 https://github.com/kdmarti2/CVE-2018-17463 http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html http://www.securityfocus.com/bid/105666 https://access.redhat.com/errata/RHSA-2018:3004 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html https://crbug.com/888923 https://security.gentoo.org/glsa/201811-10 https://www.d •