Page 68 of 510 results (0.015 seconds)

CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. • http://www.debian.org/security/2017/dsa-3858 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97740 http://www.securitytracker.com/id/1038286 https://access.redhat.com/errata/RHSA-2017:1108 https://access.redhat.com/errata/RHSA-2017:1109 https://access.redhat.com/errata/RHSA-2017:1117 https://access.redhat.com/errata/RHSA-2017:1118 https://access.redhat.com/errata/RHSA-2017:1119 https://access.redhat.com/errata/RHS • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 87%CPEs: 174EXPL: 1

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se deserializa, puede ejecutar código arbitrario. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. • https://github.com/pimps/CVE-2017-5645 http://www.openwall.com/lists/oss-security/2019/12/19/2 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/97702 http://www.securitytracker.com/id/1040200 http://www.securit • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.9EPSS: 10%CPEs: 47EXPL: 0

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8. Una consulta con un conjunto determinado de características podría provocar que un servidor que emplea DNS64 se encuentre con un fallo de aserción y termine. Un atacante podría construir deliberadamente una consulta, habilitando una denegación de servicio (DoS) contra un servidor si está configurado para emplear la característica DNS64 y se cumplen otras precondiciones. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html http://www.securityfocus.com/bid/97653 http://www.securitytracker.com/id/1038259 https://access.redhat.com/errata/RHSA-2017:1095 https://access.redhat.com/errata/RHSA-2017:1105 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us https://kb.isc.org/docs/aa-01465 https://security.gentoo. • CWE-617: Reachable Assertion •

CVSS: 7.5EPSS: 22%CPEs: 39EXPL: 0

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. Las asunciones equivocadas sobre el orden de los registros en la sección de respuesta de una respuesta que contiene registros de recursos CNAME o DNAME podría conducir a una situación en la que named se cerraría con un fallo de aserción al procesar una respuesta en la que los registros ocurrieron en un orden inusual. Afecta a BIND en versiones 9.9.9-P6, desde la versión 9.9.10b1 hasta la 9.9.10rc1, la versión 9.10.4-P6, desde la versión 9.10.5b1 hasta la 9.10.5rc1, la versión 9.11.0-P3, desde la versión 9.11.1b1 hasta la 9.11.1rc1 y en la versión 9.9.9-S8. A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. • http://www.securityfocus.com/bid/97651 http://www.securitytracker.com/id/1038258 http://www.securitytracker.com/id/1040195 https://access.redhat.com/errata/RHSA-2017:1095 https://access.redhat.com/errata/RHSA-2017:1105 https://access.redhat.com/errata/RHSA-2017:1582 https://access.redhat.com/errata/RHSA-2017:1583 https://kb.isc.org/docs/aa-01466 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180802-0002 https://www.debian.org& • CWE-617: Reachable Assertion •

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 4

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. En glibc 2.26 y anteriores existe una confusión en el uso de getcwd() por realpath(), que puede emplearse para escribir antes del búfer de destino. Esto conduce a un subdesbordamiento de búfer y a una potencial ejecución de código. glibc suffers from a getcwd() local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/44889 https://www.exploit-db.com/exploits/43775 https://github.com/0x00-0x00/CVE-2018-1000001 https://github.com/usernameid0/tools-for-CVE-2018-1000001 http://seclists.org/oss-sec/2018/q1/38 http://www.securityfocus.com/bid/102525 http://www.securitytracker.com/id/1040162 https://access.redhat.com/errata/RHSA-2018:0805 https://security.netapp.com/advisory/ntap-20190404-0003 https://usn.ubuntu.com/3534-1 https://usn.ubuntu.com • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •