Page 85 of 1994 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR LibVNC en versiones anteriores a la 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contiene múltiples debilidades CWE-665: inicialización incorrecta en el código del cliente VNC que permite que el atacante lea memoria de la pila y puede abusarse para divulgar información. Si se combina con otra vulnerabilidad, puede emplearse para filtrar la distribución de la memoria de la pila y omitir ASLR. • https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html https://security.gentoo.org/glsa/201908-05 https://security.gentoo.org/glsa/202006-06 https://usn.ub • CWE-665: Improper Initialization •

CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 0

LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM LibVNC antes del commit con ID c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contiene una vulnerabilidad CWE-835: bucle infinito en el código del cliente VNC. Esta vulnerabilidad permite que el atacante consuma una cantidad excesiva de recursos como la CPU y la RAM. • https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html https://security.gentoo.org/glsa/201908-05 https://security.gentoo.org/glsa/202006-06 https://usn.ubuntu.com • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR LibVNC antes de 8b06f835e259652b0ff026898014fc7297ade858 contiene una vulnerabilidad CWE-665: inicialización incorrecta en el código del cliente VNC que permite que un atacante lea memoria de la pila y puede abusarse para divulgar información. Si se combina con otra vulnerabilidad, puede emplearse para filtrar la distribución de la memoria de la pila y omitir ASLR. • https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://security.gentoo.org/glsa/201908-05 https://usn.ubuntu.com/3877-1 https://usn.ubuntu.com/4547-1 https://usn.ubuntu.com/4587-1 https://www.debian.org/security/2019/dsa-4383 • CWE-665: Improper Initialization •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS. LibVNC antes del commit con ID 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contiene una desreferencia de puntero NULL en el código del cliente VNC que puede resultar en una denegación de servicio (DoS). • https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-034-libvnc-null-pointer-dereference https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://lists.debian.org/debian-lts-announce/2019/11/msg00033.html https://security.gentoo.org/glsa/201908-05 https://security.gentoo.org/glsa/202006-06 https://usn.ubuntu.com/3877-1 https://usn.ubuntu.com/4547-1 https://us • CWE-476: NULL Pointer Dereference •

CVSS: 8.0EPSS: 0%CPEs: 12EXPL: 0

A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Se ha encontrado un error en el subsistema de archivos NFS41+ del kernel de Linux. • http://www.securityfocus.com/bid/106253 https://access.redhat.com/errata/RHSA-2019:1873 https://access.redhat.com/errata/RHSA-2019:1891 https://access.redhat.com/errata/RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2020:0204 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884 https://lists.debian.org/debian-lts • CWE-416: Use After Free •