Page 76 of 1900 results (0.010 seconds)

CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0

CVE-2020-0556 – bluez: Improper access control in subsystem could result in privilege escalation and DoS

https://notcve.org/view.php?id=CVE-2020-0556

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access El control de acceso incorrecto en el subsistema para BlueZ anterior a la versión 5.54 puede permitir que un usuario no autenticado permita potencialmente la escalada de privilegios y la denegación de servicio a través del acceso adyacente • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html https://security.gentoo.org/glsa/202003-49 https://usn.ubuntu.com/4311-1 https://www.debian.org/security/2020/dsa-4647 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html https://access.redhat.com/security/cve/CVE-2020-0556 https • CWE-266: Incorrect Privilege Assignment •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-6814 – Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6

https://notcve.org/view.php?id=CVE-2020-6814

Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Los desarrolladores de Mozilla reportaron bugs de seguridad de la memoria presentes en Firefox y Thunderbird versión 68.5. Algunos de estos bugs mostraron evidencia de corrupción de la memoria y presumimos que con un esfuerzo suficiente algunos de estos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1592078%2C1604847%2C1608256%2C1612636%2C1614339 https://usn.ubuntu.com/4328-1 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2020-08 https://www.mozilla.org/security/advisories/mfsa2020-09 https://www.mozilla.org/security/advisories/mfsa2020-10 https://access.redhat.com/security/cve/CVE-2020-6814 https://bugzilla.redhat.com/show_bug.cgi?id=1812205 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 52%CPEs: 6EXPL: 0

CVE-2020-6806 – Mozilla: BodyStream:: OnInputStreamReady was missing protections against state confusion

https://notcve.org/view.php?id=CVE-2020-6806

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Al diseñar cuidadosamente las resoluciones de promesas, fue posible causar una lectura fuera de límites al final de una matriz redimensionada durante la ejecución del script. Esto podría haber conllevado a daños en la memoria y a un bloqueo potencialmente explotable. • http://packetstormsecurity.com/files/157524/Firefox-js-ReadableStreamCloseInternal-Out-Of-Bounds-Access.html https://bugzilla.mozilla.org/show_bug.cgi?id=1612308 https://usn.ubuntu.com/4328-1 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2020-08 https://www.mozilla.org/security/advisories/mfsa2020-09 https://www.mozilla.org/security/advisories/mfsa2020-10 https://access.redhat.com/security/cve/CVE-2020-6806 https://bugzilla.redhat.com/show_bug.cgi?id=1812 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-6807 – Mozilla: Use-after-free in cubeb during stream destruction

https://notcve.org/view.php?id=CVE-2020-6807

When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Cuando un dispositivo fue cambiado mientras una secuencia estaba a punto de ser destruida, la tarea <code>stream-reinit</code> pudo haberse ejecutado después de que la secuencia fue destruida, causando un uso de la memoria previamente liberada y un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.6, Firefox versiones anteriores a 74, Firefox versiones anteriores a ESR68.6 y Firefox ESR versiones anteriores a 68.6. The Mozilla Foundation Security Advisory describes this flaw as: When a device was changed while a stream was about to be destroyed, the `stream-reinit` task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1614971 https://usn.ubuntu.com/4328-1 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2020-08 https://www.mozilla.org/security/advisories/mfsa2020-09 https://www.mozilla.org/security/advisories/mfsa2020-10 https://access.redhat.com/security/cve/CVE-2020-6807 https://bugzilla.redhat.com/show_bug.cgi?id=1812201 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-6805 – Mozilla: Use-after-free when removing data about origins

https://notcve.org/view.php?id=CVE-2020-6805

When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. Cuando se eliminan datos sobre un origen cuya pestaña se cerró recientemente, podría presentarse un uso de la memoria previamente liberada en el administrador de Quota, resultando en un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.6, Firefox versiones anteriores a 74, Firefox versiones anteriores a ESR68.6 y Firefox ESR versiones anteriores a 68.6. The Mozilla Foundation Security Advisory describes this flaw as: When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1610880 https://usn.ubuntu.com/4328-1 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2020-08 https://www.mozilla.org/security/advisories/mfsa2020-09 https://www.mozilla.org/security/advisories/mfsa2020-10 https://access.redhat.com/security/cve/CVE-2020-6805 https://bugzilla.redhat.com/show_bug.cgi?id=1812199 • CWE-416: Use After Free •