Page 7 of 1918 results (0.011 seconds)

CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0

24 Feb 2022 — A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en usbredir en versiones anteriores a 0.11.0, en la función usbredirparser_serialize() en el archivo usbredirparser/usbredirparser.c. Este problema es producido cuando ... • https://bugzilla.redhat.com/show_bug.cgi?id=1992830 • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1

24 Feb 2022 — A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. Se ha encontrado un fallo de desreferencia de puntero NULL en ImageMagick en versiones anteriores a 7.0.10-31 en la función ReadSVGImage() en el archivo coders/svg.c. Este problema es debido a que no es comprobado el valo... • https://bugzilla.redhat.com/show_bug.cgi?id=1970569 • CWE-476: NULL Pointer Dereference •

CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 1

16 Feb 2022 — A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. Un fallo en netfilter podría permitir a un atacante conectado a la red inferir información del endpoint de la conexión openvpn para su posterior uso en ataques de red tradicionales Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges tha... • https://github.com/d0rb/CVE-2021-3773 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 2

09 Feb 2022 — A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. Se ha encontrado un fallo en Unzip. La vulnerabilidad se produce durante la conversión de una cadena amplia a una cadena local que conduce a un montón de escritura fuera de límites. • https://github.com/nanaao/unzip_poc • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 1

09 Feb 2022 — A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. Se ha encontrado un fallo en Unzip. La vulnerabilidad se produce durante la conversión de una cadena amplia a una cadena local que conduce a un montón de escritura fuera de límites. • http://seclists.org/fulldisclosure/2022/May/33 •

CVSS: 7.8EPSS: 88%CPEs: 56EXPL: 182

25 Jan 2022 — A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfull... • https://packetstorm.news/files/id/166196 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 3

20 Jan 2022 — AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. AIDE versiones anteriores a 0.17.4, permite a usuarios locales obtener privilegios de root por medio de metadatos de archivo diseñados (como atributos extendidos de XFS o ACLs de tmpfs), debido a un desbordamiento de búfer en la región heap de la memoria A heap-based buffer overflow vulnerability in the base64 functions of AIDE, a... • http://www.openwall.com/lists/oss-security/2022/01/20/3 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 72%CPEs: 72EXPL: 1

14 Dec 2021 — JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in Au... • https://github.com/cckuailong/log4shell_1.x • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0

18 Nov 2021 — In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. En la rutina RGBtoXYZ() del archivo ImfChromaticities.cpp, se presentan algunas operaciones de división como "float Z = (1 - chroma.w... • https://bugzilla.redhat.com/show_bug.cgi?id=2019789 • CWE-369: Divide By Zero •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

16 Nov 2021 — A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. Se ha encontrado un fallo en Wildfly. • https://bugzilla.redhat.com/show_bug.cgi?id=1991305 • CWE-552: Files or Directories Accessible to External Parties •