Page 71 of 3272 results (0.019 seconds)

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. Se encontró un fallo de uso de la memoria previamente liberada en todas las versiones del servidor LDAP de samba anteriores a 4.10.17, anteriores a 4.11.11, anteriores a 4.12.4, usado en una configuración AC DC. Un usuario del LDAP de Samba podría usar este fallo para bloquear samba • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00002.html https://bugzilla.redhat.com/show_bug.cgi?id=1849509%3B https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YLNQ5GRXUKYRUAOFZ4DUBVN4SMTL6Q2 https://security.gentoo.org/glsa/202007- • CWE-416: Use After Free •

CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 0

When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Al procesar devoluciones de llamada que ocurrieron durante el vaciado de la ventana en el proceso principal, la ventana asociada puede terminar; causando una condición de uso de la memoria previamente liberada. Esto podría haber conllevado a una corrupción de la memoria y un bloqueo potencialmente explotable. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1643874 https://security.gentoo.org/glsa/202007-09 https://security.gentoo.org/glsa/202007-10 https://usn.ubuntu.com/4421-1 https://www.mozilla. • CWE-416: Use After Free •

CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 1

When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. Al intentar conectarse a un servidor STUN, una condición de carrera podría haber causado un uso de la memoria previamente liberada de un puntero, conllevando a una corrupción de la memoria y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 68.10, Firefox versiones anteriores a 78 y Thunderbird versiones anteriores a 68.10.0 The Mozilla Foundation Security Advisory describes this flaw as: When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1643437 https://security.gentoo.org/glsa/202007-09 https://security.gentoo.org/glsa/202007-10 https://usn.ubuntu.com/4421-1 https://www.mozilla. • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. Cuando se construye un aviso de permiso para WebRTC, se suministraba un URI desde el proceso de contenido. Este URI no era confiable, y podría haber sido el URI de un origen que previamente se le concediera permiso; omitiendo el aviso. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/show_bug.cgi?id=1562600 https://security.gentoo.org/glsa/202007-10 https://www.mozilla.org/security/advisories/mfsa2020-24 https://access.redhat.com/security/cve/CVE-2020-12424 https://bugzilla.redhat.com/show_bug.cgi?id=1872539 • CWE-276: Incorrect Default Permissions CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 1

Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron bugs de seguridad de la memoria presentes en Firefox versión 77. Algunos de estos errores mostraron evidencia de corrupción de la memoria y presumimos que con suficiente esfuerzo algunos de estos podrían haber sido explotados para ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00049.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=1608068%2C1609951%2C1631187%2C1637682 https://security.gentoo.org/glsa/202007-10 https://www.mozilla.org/security/advisories/mfsa2020-24 • CWE-787: Out-of-bounds Write •