Page 65 of 4202 results (0.013 seconds)

CVSS: 7.5EPSS: 14%CPEs: 74EXPL: 2

CVE-2020-13935 – tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

https://notcve.org/view.php?id=CVE-2020-13935

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. La longitud de la carga útil en una trama de WebSocket no fue comprobada correctamente en Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M6, versiones 9.0.0.M1 hasta 9.0.36, versiones 8.5.0 hasta 8.5.56 y versiones 7.0.27 hasta 7.0. 104. Las longitudes de carga útil no válidas podrían desencadenar un bucle infinito. • https://github.com/RedTeamPentesting/CVE-2020-13935 https://github.com/aabbcc19191/CVE-2020-13935 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html https://kc.mcafee.com/corporate/index?page=content&id=SB10332 https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50%40%3Cusers.tomcat.apache.org%3E https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce& • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.5EPSS: 91%CPEs: 54EXPL: 0

CVE-2020-13934 – tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS

https://notcve.org/view.php?id=CVE-2020-13934

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. Una conexión directa h2c a Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M6, versiones 9.0.0.M5 hasta 9.0.36 y versiones 8.5.1 hasta 8.5.56, no publicó el procesador HTTP/1.1 después de la actualización a HTTP/2. Si un número suficiente de tales peticiones fueron hechas, podría ocurrir una OutOfMemoryException conllevando a una denegación de servicio A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryException could occur, leading to a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8%40%3Cdev.tomcat.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html https://security.netapp.com/advisory/ntap-20200724-0003 https://usn • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime CWE-476: NULL Pointer Dereference •

CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0

CVE-2020-13753

https://notcve.org/view.php?id=CVE-2020-13753

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. El sandbox bubblewrap de WebKitGTK y WPE WebKit, versiones anteriores a 2.28.3, no pudo bloquear apropiadamente el acceso a CLONE_NEWUSER y al ioctl TIOCSTI. CLONE_NEWUSER podría ser usada potencialmente para confundir xdg-desktop-portal, que permite el acceso fuera del sandbox. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM https://security.gentoo.org/glsa/202007-11 https://trac.webkit.org/changeset/262368/webkit https://usn.ubuntu.com/4422-1 https://www.debian.org/security/2020/dsa-4724 https://www.openwall.com/lists/oss-security/2020/07/10/1 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 0

CVE-2019-20907 – python: infinite loop in the tarfile module via crafted TAR archive

https://notcve.org/view.php?id=CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. En la biblioteca Lib/tarfile.py en Python versiones hasta 3.8.3, un atacante puede diseñar un archivo TAR conllevando a un bucle infinito cuando se abrió mediante tarfile.open, porque la función _proc_pax carece de comprobación de encabezado A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00056.html https://bugs.python.org/issue39017 https://github.com/python/cpython/pull/21454 https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html https://lists.debian.org/debian-lts-announce/2020/ • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0

CVE-2020-10756 – QEMU SLiRP Networking Out-Of-Bounds Read Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2020-10756

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. Se encontró una vulnerabilidad de lectura fuera de límites en la implementación de red SLiRP del emulador QEMU. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00040.html https://bugzilla.redhat.com/show_bug.cgi?id=1835986 https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYTZ32P67PZER6P7TW6FQK3SZRKQLVEI https://security.netapp.com/advisory/ntap-20201001-0001 https://usn.ubuntu.com/4437-1 https://usn.ubuntu.com/ • CWE-125: Out-of-bounds Read •