
CVSS: 9.8 | EPSS: 0% | CPEs: 10 | EXPL: 1

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.

• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF
• https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984
• https://usn.ubuntu.com/4415-1
• https://www.debian.org/security/2020/dsa-4711

• CWE-125: Out-of-bounds Read

CVSS: 7.5 | EPSS: 2% | CPEs: 10 | EXPL: 1

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.

• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF
• https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
• https://usn.ubuntu.com/4415-1
• https://www.debian.org/security/2020/dsa-4711

• CWE-476: NULL Pointer Dereference

CVSS: 6.5 | EPSS: 0% | CPEs: 4 | EXPL: 1

If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5.

• https://bugzilla.mozilla.org/show_bug.cgi?id=1606619
• https://security.gentoo.org/glsa/202003-10
• https://usn.ubuntu.com/4328-1
• https://usn.ubuntu.com/4335-1
• https://www.mozilla.org/security/advisories/mfsa2020-07
• https://access.redhat.com/security/cve/CVE-2020-6794
• https://bugzilla.redhat.com/show_bug.cgi?id=1801956

• CWE-312: Cleartext Storage of Sensitive Information
• CWE-459: Incomplete Cleanup
• CWE-522: Insufficiently Protected Credentials

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5.

• https://bugzilla.mozilla.org/show_bug.cgi?id=1609607
• https://security.gentoo.org/glsa/202003-10
• https://usn.ubuntu.com/4328-1
• https://usn.ubuntu.com/4335-1
• https://www.mozilla.org/security/advisories/mfsa2020-07
• https://access.redhat.com/security/cve/CVE-2020-6792
• https://bugzilla.redhat.com/show_bug.cgi?id=1801958

• CWE-456: Missing Initialization of a Variable
• CWE-908: Use of Uninitialized Resource
• CWE-909: Missing Initialization of Resource

CVSS: 8.8 | EPSS: 0% | CPEs: 6 | EXPL: 0

Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777
• https://security.gentoo.org/glsa/202003-02
• https://security.gentoo.org/glsa/202003-10
• https://usn.ubuntu.com/4278-2
• https://usn.ubuntu.com/4328-1
• https://usn.ubuntu.com/4335-1
• https://www.mozilla.org/security/advisories/mfsa2020-05
• https://www.mozilla.org/security/advisories/mfsa2020-06
• https://www.mozilla.org/security/advisories/mfsa2020-07
• https://access.redhat.com&#

• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-787: Out-of-bounds Write