Page 70 of 1916 results (0.009 seconds)

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 2

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. Un problema fue descubierto en Apport en versiones anteriores a 2.20.4. En apport/ui.py, Apport lee el campo CashDB y después evalúa el campo como código Python si comienza con un "{". • https://www.exploit-db.com/exploits/40937 http://www.securityfocus.com/bid/95011 http://www.ubuntu.com/usn/USN-3157-1 https://bugs.launchpad.net/apport/+bug/1648806 https://donncha.is/2016/12/compromising-ubuntu-desktop https://github.com/DonnchaC/ubuntu-apport-exploitation • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 5

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. Condición de carrera en net/packet/af_packet.c en el kernel de Linux hasta la versión 4.8.12 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) aprovechando la capacidad CAP_NET_RAW de cambiar una versión socket, relacionado con las funciones packet_set_ring y packet_setsockopt. A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. • https://www.exploit-db.com/exploits/44696 https://www.exploit-db.com/exploits/40871 https://www.exploit-db.com/exploits/47170 https://github.com/LakshmiDesai/CVE-2016-8655 https://github.com/KosukeShimofuji/CVE-2016-8655 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html http://l • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el link de diálogo en el editor de GUI en MoinMoin en versiones anteriores a 1.9.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios mediante vectores no especificados. • http://www.debian.org/security/2016/dsa-3715 http://www.securityfocus.com/bid/94501 http://www.ubuntu.com/usn/USN-3137-1 https://moinmo.in/SecurityFixes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0

The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. La función xc2028_set_config en drivers/media/tuners/tuner-xc2028.c en el kernel de Linux en versiones anteriores a 4.6 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) mediante vectores que implican la omisión del nombre de firmware de una determinada estructura de datos. The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 http://source.android.com/security/bulletin/2016-11-01.html http://www.securityfocus.com/bid/94201 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/errata/RHSA-2019:1190 https://github.com/torvalds/linux/commit/8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 https://usn&# • CWE-416: Use After Free •

CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 1

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. libxml2 2.9.4 y versiones anteriores, como se usa en XMLSec 1.2.23 y versiones anteriores y otros productos, no ofrece un indicador que indique directamente que el documento actual puede ser leido pero otros archivos no pueden ser abiertos, lo que facilita a atacantes remotos llevar a cabo ataques XML External Entity (XXE) a través de un documento manipulado. • http://www.securityfocus.com/bid/94347 https://bugzilla.gnome.org/show_bug.cgi?id=772726 https://github.com/lsh123/xmlsec/issues/43 https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html https://security.gentoo.org/glsa/201711-01 https://usn.ubuntu.com/3739-1 https://usn.ubuntu.com/3739-2 https://access.redhat.com/security/cve/CVE-2016-9318 https://bugzilla.redhat.com/show_bug.cgi?id=1395609 • CWE-611: Improper Restriction of XML External Entity Reference •