Page 84 of 880 results (0.005 seconds)

CVSS: 8.6EPSS: 0%CPEs: 6EXPL: 1

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. Se presenta una vulnerabilidad de lectura fuera de límites explotable en el controlador AMD ATIDXX64.DLL, versión 26.20.13001.29010. • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0890 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 45%CPEs: 8EXPL: 1

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. Pivotal RabbitMQ, versiones 3.7.x anteriores a 3.7.21 y versiones 3.8.x anteriores a 3.8.1, y RabbitMQ para Pivotal Platform, versiones 1.16.x anteriores a 1.16.7 y versiones 1.17.x versiones anteriores a 1.17.4, contienen un plugin de administración web que es vulnerable a un ataque de denegación de servicio. El encabezado "X-Reason" de HTTP puede ser aprovechado para insertar una cadena de formato Erlang maliciosa que expandirá y consumirá la pila, resultando en el bloqueo del servidor. A resource-consumption flaw was identified in the rabbitmq-server web management plugin. • https://access.redhat.com/errata/RHSA-2020:0078 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4 https://pivotal.io/security/cve-2 • CWE-20: Improper Input Validation CWE-134: Use of Externally-Controlled Format String CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 0

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information. Pivotal RabbitMQ, versiones 3.7 anteriores a v3.7.20 y versiones 3.8 anteriores a v3.8.1, y RabbitMQ para PCF, versiones 1.16.x anteriores a 1.16.7 y versiones 1.17.x anteriores a 1.17.4, contienen dos endpoints, federation y shovel, que no sanean apropiadamente la entrada de usuario. Un usuario malicioso autenticado remoto con acceso administrativo podría crear un ataque de tipo cross site scripting por medio de los campos vhost o node name, lo que podría otorgar acceso a los hosts virtuales e información de administración de políticas. A flaw was discovered in rabbitmq-server where two endpoints, federation and shovel, do not properly sanitize user input. • https://access.redhat.com/errata/RHSA-2020:0553 https://pivotal.io/security/cve-2019-11291 https://access.redhat.com/security/cve/CVE-2019-11291 https://bugzilla.redhat.com/show_bug.cgi?id=1783327 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. VMware Workstation (versiones 15.x anteriores a 15.5.1) y Fusion (versiones 11.x anteriores a 11.5.1), contienen una vulnerabilidad de denegación de servicio en el controlador RPC. Una explotación con éxito de este problema puede permitir a atacantes con privilegios de usuario normales crear una condición de denegación de servicio en su propia VM. • https://www.vmware.com/security/advisories/VMSA-2019-0021.html •

CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process. VMware Workstation (versiones 15.x anteriores a 15.5.1) y Fusion (versiones 11.x anteriores a 11.5.1), contienen una vulnerabilidad de divulgación de información en vmnetdhcp. Una explotación con éxito de este problema puede permitir a un atacante, en una máquina virtual invitada, revelar información confidencial mediante la perdida de memoria del proceso del host. • https://www.vmware.com/security/advisories/VMSA-2019-0021.html • CWE-401: Missing Release of Memory after Effective Lifetime •