Page 61 of 580 results (0.025 seconds)

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). El analizador Babel en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-babel.c:babel_print_v2(). • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/12f66f69f7bf1ec1266ddbee90a7616cbf33696b https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0

The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). El analizador DCCP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-dccp.c:dccp_print_option(). An out-of-bounds read vulnerability was discovered in tcpdump while printing DCCP packets captured in a pcap file or coming from the network. A remote attacker may abuse this flaw by sending specially crafted packets that, when printed, would trigger the flaw and crash the application. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66 https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 65EXPL: 0

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. Se descubrió un problema de escritura polimórfica en FasterXML jackson-databind versión 2.0.0 hasta 2.9.10. Cuando la Escritura Predeterminada está habilitada (tanto globalmente o para una propiedad específica) para un end point JSON expuesto externamente y el servicio posee el jar commons-dbcp (versión 1.4) en el classpath, y un atacante puede encontrar un end point de servicio RMI para acceder, es posible lograr que el servicio ejecute una carga maliciosa. • https://access.redhat.com/errata/RHSA-2019:3901 https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://github.com/FasterXML/jackson-databind/issues/2478 https://issues.apache.org/jira/browse/GEODE-7255 https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike. Ha sido descubierto una serie de vulnerabilidades de deserialización en Codehaus versiones 1.9.x implementado en EAP 7. Este CVE corrige los CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489 , CVE-2018-1000873, CVE-2019-12086, reportados para FasterXML jackson-databind mediante implementación de un enfoque de lista blanca que mitigará estas vulnerabilidades y las futuras por igual. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10202 https://lists.apache.org/thread.html/r0fbf2c60967bc9f73d7f5a62ad3b955789f9a14b950f42e99fca9b4e%40%3Cissues.hive.apache.org%3E https://lists.apache.org/thread.html/r1edabcfacdad42d3c830464e9cf07a9a489059a7b7a8642cf055542d%40%3Cissues.hive.apache.org%3E https://lists.apache.org/thread.html/r356592d9874ab4bc9da4754592f8aa6edc894c95e17e58484bc2af7a%40%3Cissues.hive.apache.org%3E https://lists.apache.org/thread.html/r500867b74f42230a3d65b8aec31fc93ac390eeae737c91a759ab94cb%40%3Cissues.hive.apache.org%3E https://list • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. Se encontró un fallo en, todas las versiones por debajo de la 2.0.20, en el registro DEBUG de Undertow para io.undertow.request.security. Si está habilitado, un atacante podría abusar de este fallo para conseguir las credenciales del usuario de los archivos de registro. A flaw was found in the Undertow DEBUG log for io.undertow.request.security. • https://access.redhat.com/errata/RHSA-2019:2998 https://access.redhat.com/errata/RHSA-2020:0727 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212 https://security.netapp.com/advisory/ntap-20220210-0017 https://access.redhat.com/security/cve/CVE-2019-10212 https://bugzilla.redhat.com/show_bug.cgi?id=1731984 • CWE-532: Insertion of Sensitive Information into Log File •