Page 82 of 4199 results (0.019 seconds)

CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10711 https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4411-1 https://usn.ubuntu.com/4412-1 https://usn.ubuntu.com/4413-1 https://usn.ubuntu.com/4414-1 https://usn.ubuntu& • CWE-476: NULL Pointer Dereference •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 2

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. Se detectó un problema de control de acceso de señal en el kernel de Linux versiones anteriores a 5.6.5, se conoce como CID-7395ea4e65c2. • https://bugzilla.redhat.com/show_bug.cgi?id=1822077 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5 https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://lists.openwall.net/linux-kernel/2020/03/24/1803 https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4367-1 https://u • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-190: Integer Overflow or Wraparound •

CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 0

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. En FreeRDP versiones posteriores a 1.1 y anteriores a 2.0.0, una búsqueda fuera de límites de flujo de datos en rdp_read_font_capability_set podría conllevar a una posterior lectura fuera de límites. Como resultado, un cliente o servidor manipulado podría forzar una desconexión debido a una lectura de datos no válida. • https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf https://github.com/FreeRDP/FreeRDP/issues/6011 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11058 https://bugzilla.redhat.com/show_bug&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. Al codificar caracteres de espacio en blanco Unicode dentro del encabezado del correo electrónico From, un atacante puede suplantar la dirección de correo electrónico del remitente que despliega Thunderbird. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.8.0. • https://bugzilla.mozilla.org/show_bug.cgi?id=1617370 https://security.gentoo.org/glsa/202005-03 https://usn.ubuntu.com/4373-1 https://www.mozilla.org/security/advisories/mfsa2020-18 https://access.redhat.com/security/cve/CVE-2020-12397 https://bugzilla.redhat.com/show_bug.cgi?id=1832565 • CWE-172: Encoding Error CWE-346: Origin Validation Error •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. Exim versiones hasta 4.93, presenta una lectura fuera de límites en el autenticador SPA lo que podría resultar en una omisión de la autenticación SPA/NTLM en los archivos auths/spa.c y auths/auth-spa.c. • http://www.openwall.com/lists/oss-security/2021/05/04/7 https://bugs.exim.org/show_bug.cgi?id=2571 https://git.exim.org/exim.git/commit/57aa14b216432be381b6295c312065b2fd034f86 https://git.exim.org/exim.git/commit/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0 https://lists.debian.org/debian-lts-announce/2020/05/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6IQQ2SERFUD4WMRSX6XYDNK7Q4GPT7Y https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-125: Out-of-bounds Read •