Page 67 of 1161 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. En la función wmi_set_ie(), el código de validación de longitud no gestiona correctamente los desbordamientos de enteros sin firmar. Como resultado, un gran valor del argumento "ie_len" puede provocar un desbordamiento de búfer en todas las distribuciones de Android de CAF (Android for MSM, Firefox OS for MSM, QRD Android) que utilizan el kernel de Linux. In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. • https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://source.android.com/security/bulletin/pixel/2018-05-01 https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. mainproc.c en GnuPG en versiones anteriores a la 2.2.8 gestiona de manera incorrecta el nombre de archivo original durante las acciones de descifrado y verificación, lo que permite que atacantes remotos suplanten la salida que GnuPG envía en el descriptor de archivo 2 a otros programas que emplean la opción "--status-fd 2". Por ejemplo, los datos OpenPGP podrían representar un nombre de archivo original que contiene caracteres de nueva línea junto con los códigos de estado GOODSIG o VALIDSIG. A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. • http://openwall.com/lists/oss-security/2018/06/08/2 http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html http://seclists.org/fulldisclosure/2019/Apr/38 http://www.openwall.com/lists/oss-security/2019/04/30/4 http://www.securityfocus.com/bid/104450 http://www.securitytracker.com/id/1041051 https://access.redhat.com/errata/RHSA-2018:2180 https://access.redhat.com/errata/RHSA-2018:2181 https://dev.gnupg.org/T4012 https://github.com/RUB-NDS/Johnny&# • CWE-20: Improper Input Validation CWE-706: Use of Incorrectly-Resolved Name or Reference •

CVSS: 8.2EPSS: 0%CPEs: 27EXPL: 0

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. m_cat en slirp/mbuf.c en Qemu tiene un desbordamiento de búfer basado en memoria dinámica (heap) mediante los datagramas entrantes fragmentados. A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code on the host with privileges of the QEMU process. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Qemu. • http://www.openwall.com/lists/oss-security/2018/06/07/1 http://www.securityfocus.com/bid/104400 https://access.redhat.com/errata/RHSA-2018:2462 https://access.redhat.com/errata/RHSA-2018:2762 https://access.redhat.com/errata/RHSA-2018:2822 https://access.redhat.com/errata/RHSA-2018:2887 https://access.redhat.com/errata/RHSA-2019:2892 https://bugzilla.redhat.com/show_bug.cgi?id=1586245 https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html https://li • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 14

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. En Git, en versiones anteriores a la 2.13.7, versiones 2.14.x anteriores a la 2.14.4, versiones 2.15.x anteriores a la 2.15.2, versiones 2.16.x anteriores a la 2.16.4 y versiones 2.17.x anteriores a la 2.17.1, puede ocurrir una ejecución remota de código. Con un archivo .gitmodules manipulado, un proyecto malicioso puede ejecutar un script arbitrario en una máquina que ejecuta "git clone --recurse-submodules" debido a que se obtienen "nombres" de subdominios de este archivo y luego se anexa a $GIT_DIR/modules, lo que conduce a un salto de directorio con "../" en un nombre. • https://github.com/Rogdham/CVE-2018-11235 https://github.com/CHYbeta/CVE-2018-11235-DEMO https://github.com/qweraqq/CVE-2018-11235-Git-Submodule-CE https://github.com/j4k0m/CVE-2018-11235 https://github.com/knqyf263/CVE-2018-11235 https://github.com/AnonymKing/CVE-2018-11235 https://github.com/ygouzerh/CVE-2018-11235 https://github.com/vmotos/CVE-2018-11235 https://github.com/xElkomy/CVE-2018-11235 https://github.com/jhswartz/CVE-2018-11235 https://github.com&#x • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0

Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. El texto en texto plano de los correos electrónicos descifrados puede filtrarse si el usuario envía un formulario embebido. Esta vulnerabilidad afecta a las versiones anteriores a la 52.8 de Thunderbird ESR y las versiones anteriores a la 52.8 de Thunderbird. • http://www.securityfocus.com/bid/104240 http://www.securitytracker.com/id/1040946 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1450345 https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3660-1 https://www.debian.org/security/2018/dsa-4209 https://www.mozilla.org/security/advisories/mfsa2018-13&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-311: Missing Encryption of Sensitive Data •