
CVSS: 9.3 | EPSS: 0% | CPEs: 6 | EXPL: 0

Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1619305%2C1632717
• https://usn.ubuntu.com/4421-1
• https://www.mozilla.org/security/advisories/mfsa2020-20
• https://www.mozilla.org/security/advisories/mfsa2020-21
• https://www.mozilla.org/security/advisories/mfsa2020-22
• https://access.redhat.com/security/cve/CVE-2020-12410
• https://bugzilla.redhat.com/show_bug.cgi?id=1843030

• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-787: Out-of-bounds Write

CVSS: 6.1 | EPSS: 1% | CPEs: 13 | EXPL: 0

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

• https://docs.djangoproject.com/en/3.0/releases/security
• https://groups.google.com/forum/#%21msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
• https://security.netapp.com/advisory/ntap-20200611-0002
• https://usn.ubuntu.com/4381-1
• https://usn.ubuntu.com/4381-2
• https://www.debian.org/security/2020/dsa-4705
• https://www.djangoproject.com/weblog/2020/jun/03/security-releases

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.9 | EPSS: 0% | CPEs: 14 | EXPL: 0

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. A flaw was found in Django, where the memcached backend does not perform key validation and passes malformed keys.

• https://docs.djangoproject.com/en/3.0/releases/security
• https://groups.google.com/d/msg/django-announce/pPEmb2ot4Fo/X-SMalYSBAAJ
• https://lists.debian.org/debian-lts-announce/2020/06/msg00016.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
• https://security.netapp.com/advisory/ntap-20200611-0002
• https://usn.ubuntu.com/4381-1
• https://usn.ubuntu.com/4381-2
• https://www.debian.org/security/2020/dsa-4705

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-295: Improper Certificate Validation

CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. A flaw was found in the way the rx_queue_add_kobject and netdev_queue_add_kobject functions in the Linux kernel handled refcounting of certain objects.

• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.6
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e
• https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
• https://usn.ubuntu.com/4527-1
• https://www.debian.org/security/2020/dsa-4698
• https://access.redhat.com/security/cve/CVE-2019-20811
• https://bugzilla.redhat.com/show_bug.cgi?id=1846439

• CWE-460: Improper Cleanup on Thrown Exception

CVSS: 5.5 | EPSS: 0% | CPEs: 10 | EXPL: 0

go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.

• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
• http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9453264ef58638ce8976121ac44c07a3ef375983
• https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html
• https://usn.ubuntu.com/4427-1
• https://usn.ubuntu.com/4439-1
• https://usn.ubuntu.com/4440

• CWE-401: Missing Release of Memory after Effective Lifetime