Page 69 of 1834 results (0.031 seconds)

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 En la función exif_data_save_data_entry del archivo exif-data.c, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales. Es requerida una interacción del usuario para su explotación. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html https://security.gentoo.org/glsa/202007-05 https://source.android.com/security/bulletin/2020-05-01 https://usn.ubuntu.com/4396-1 https://access.redhat.com/security/cve/CVE-2020-0093 https://bugzilla.redhat.com/show_bug.cgi?id=1852487 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de archivos ARJ en Clam AntiVirus (ClamAV) Software versiones 0.102.2, podría permitir a un atacante no autenticado remoto causar una condición de denegación de servicio sobre un dispositivo afectado. • https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC https://lists.fedoraproject.org/archives/list/package-announce%40lists.f • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de archivos PDF en Clam AntiVirus (ClamAV) Software versiones 0.101 hasta 0.102.2, podría permitir a un atacante no autenticado remoto causar una condición de denegación de servicio sobre un dispositivo afectado. • https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK https://usn.ubuntu.com/ • CWE-20: Improper Input Validation •

CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2; Una modificación específica de Ubuntu para Pulseaudio para proporcionar mediación de seguridad para aplicaciones empaquetadas de Snap se encontró que presenta una omisión de la restricción de acceso prevista para los snaps que conecta cualquiera pulseaudio, audio-playback o audio-record mediante la descarga del módulo de la política de snap de pulseaudio. Este problema afecta a: pulseaudio versiones 1:8.0 anteriores a 1:8.0-0ubuntu3.12; versiones 1:11.1 anteriores a 1:11.1-1ubuntu7.7; versiones 1:13.0 anteriores a 1:13.0-1ubuntu1.2; versiones 1:13.99.1 anteriores a 1:13.99.1-1ubuntu3.2; • https://forum.snapcraft.io/t/audio-switcher-pulseaudio-interface-auto-connect-request/16648/3 https://usn.ubuntu.com/4355-1 • CWE-284: Improper Access Control CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711 https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4411-1 https://usn.ubuntu.com/4412-1 https://usn.ubuntu.com/4413-1 https://usn.ubuntu.com/4414-1 https://usn.ubuntu& • CWE-476: NULL Pointer Dereference •