Page 9 of 580 results (0.009 seconds)

CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0

Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. El manejo incorrecto de CORS en ServiceWorker en Google Chrome antes de 74.0.3729.108 permitió a un atacante remoto omitir la misma política de origen a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/771815 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 htt •

CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability. KDE KAuth, versiones anteriores 5.55, permite el paso de parámetros con tipos arbitrarios a ayudantes que se ejecutan como root sobre DBus a través de DBusHelperProxy.cpp. Ciertos tipos pueden causar caídas y desencadenar la decodificación de imágenes arbitrarias con plugins cargados dinámicamente. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html https://bugzilla.suse.com/show_bug.cgi?id=1124863 https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y • CWE-20: Improper Input Validation •

CVSS: 9.1EPSS: 1%CPEs: 19EXPL: 0

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a 7.1.29, 7.2.x anteriores a 7.2.18 y 7.3.x anteriores a 7.3.5, puede hacer que se lea el búfer asignado en la función exif_process_IFD_TAG. Esto puede conducir a la revelación de información o a un cierre inesperado. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html http://www.securityfocus.com/bid/108177 https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77950 https://lists. • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. gpg-key2ps en signing-party versión 1.1.x y 2.x anteriores a la 2.10-1 contiene una llamada de shell insegura que permite la inyección de shell a través de un ID de usuario. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00029.html https://bugs.debian.org/928256 https://lists.debian.org/debian-lts-announce/2019/05/msg00001.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1

In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. En GraphicsMagick, desde la versión 1.3.30 hasta la 1.4 snapshot-20190403 Q8, hay un desbordamiento de búfer basado en memoria dinámica (heap) en la función WriteMATLABImage de codificadores/mat.c, que permite a un atacante causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un archivo de imagen creado. Esto está relacionado con ExportRedQuantumType en magick/export.c. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html https • CWE-787: Out-of-bounds Write •