Page 7 of 65 results (0.013 seconds)

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. Varios problemas en ld64 en las cadenas de herramientas de Xcode fueron abordados mediante la actualización de la versión ld64-507.4. Este problema es corregido en Xcode versión 11.0. • https://support.apple.com/HT210609 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. Varios problemas en ld64 en las cadenas de herramientas Xcode fueron abordados mediante la actualización de la versión ld64-507.4. Este problema es corregido en Xcode versión 11.0. • https://support.apple.com/HT210609 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution. Un problema de corrupción de memoria fue abordado mejorando la gestión del estado. Este problema es corregido en Xcode versión 11.0. • https://support.apple.com/HT210609 • CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. Varios problemas en ld64 en las cadenas de herramientas Xcode fueron abordados mediante la actualización de la versión ld64-507.4. Este problema es corregido en Xcode versión 11.0. • https://support.apple.com/HT210609 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 1%CPEs: 61EXPL: 0

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. El archivo SubTypeValidator.java en jackson-databind de FasterXML en versiones anteriores a la 2.9.9.2 maneja inapropiadamente la escritura predeterminada cuando se usa ehcache (debido a net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), lo que conlleva a la ejecución de código remoto. A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code. • http://seclists.org/fulldisclosure/2022/Mar/23 https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHSA-2019:2743 https://access.redhat.com/errata/RHSA-2019:2858 https://access.redhat.com/errata/RHSA-2019:2935 https://access.redhat.com/errata/RHSA-2019:2936 https://access.redhat.com/errata/RHSA-2019:2937 https://access.redhat.com/errata/RHSA-2019:2938 https://access.redhat.com/errata/RHSA-2019:2998 https://access.redhat.com/errata/RHSA-2 • CWE-502: Deserialization of Untrusted Data CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •