Page 72 of 1863 results (0.040 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. Se detectó un fallo en las bibliotecas org.codehaus.jackson:jackson-mapper-asl:1.9.x. Las vulnerabilidades de tipo XML external entity similares a CVE-2016-3720, también afectan a las bibliotecas codehaus jackson-mapper-asl pero en diferentes clases. A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus's jackson-mapper-asl libraries. • https://github.com/rusakovichma/CVE-2019-10172 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10172 https://lists.apache.org/thread.html/r0066c1e862613de402fee04e81cbe00bcd64b64a2711beb9a13c3b25%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/r04ecadefb27cda84b699130b11b96427f1d8a7a4066d8292f7f15ed8%40%3Ccommon-issues.hadoop.apache.org%3E https://lists.apache.org/thread.html/r08e1b73fabd986dcd2ddd7d09480504d1472264bed2f19b1d2002a9c%40%3Ccommon-issues.hadoop.apache.org%3E https://lists.apache.org/thread.html/r0d8c3e32a0a2d8a0b6118f5 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application. Se encontró una vulnerabilidad en Infinispan, de modo que el método invokeAccessibly de la clase pública ReflectionUtil permite que cualquier clase de aplicación invoque métodos privados en cualquier clase con los privilegios de Infinispan. El atacante puede usar la reflexión para introducir un nuevo comportamiento malicioso en la aplicación. • https://access.redhat.com/errata/RHSA-2020:0481 https://access.redhat.com/errata/RHSA-2020:0727 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10174 https://security.netapp.com/advisory/ntap-20220210-0018 https://access.redhat.com/security/cve/CVE-2019-10174 https://bugzilla.redhat.com/show_bug.cgi?id=1703469 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a. Una pérdida de memoria en la función nfp_flower_spawn_vnic_reprs() en el archivo drivers/net/ethernet/netronome/nfp/flower/main.c en el kernel de Linux versiones anteriores a la versión 5.3.4, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-8ce39eb5a67a. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4 https://github.com/torvalds/linux/commit/8ce39eb5a67aee25d9f05b40b673c95b23502e3e https://security.netapp.com/advisory/ntap-20191205-0001 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0

A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. Una pérdida de memoria en la función rtl8xxxu_submit_int_urb() en el archivo drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función usb_submit_urb(), también se conoce como CID-a2cdd07488e6. A flaw was found in the Linux kernel. A memory leak in the realtek driver allows an attacker to cause a denial of service through memory consumption. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://github.com/torvalds/linux/commit/a2cdd07488e666aa93a49a3fc9c9b1299e27ef3c https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T https://security.netapp.com/advisory/ntap-20191205-0001 https://usn • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0

A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. Una pérdida de memoria en la función bfad_im_get_stats() en el archivo drivers/scsi/bfa/bfad_attr.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función de bfa_port_get_stats(), también se conoce como CID-0e62395da2bd. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://github.com/torvalds/linux/commit/0e62395da2bd5166d7c9e14cbc7503b256a34cb0 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T • CWE-401: Missing Release of Memory after Effective Lifetime •