
CVSS: 9.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445.

https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/667V3ADXQ2MHUJMSXA3VZZEWLVSCIBEU
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XV2K2AWF62FSJ64B5CUZPFT4COK7P5PM
https://vuldb.com/?id.211919

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416: Use After Free

CVSS: 7.1 | EPSS: 0% | CPEs: 13 | EXPL: 0

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.

https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ
https://security.netapp.com/advisory/ntap-20230120-0005
https://support.f5.com/csp/article/K28112382

CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 13 | EXPL: 0

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.

https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ
https://security.netapp.com/advisory/ntap-20230120-0005
https://support.f5.com/csp/article/K81926432

CWE-787: Out-of-bounds Write

CVSS: 5.5 | EPSS: 0% | CPEs: 14 | EXPL: 0

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option.

http://seclists.org/fulldisclosure/2022/Nov/1
http://www.openwall.com/lists/oss-security/2023/02/14/5
http://www.openwall.com/lists/oss-security/2024/05/14/2
https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85
https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7B6JPKX5CGGLAHXJVQMIZNNEEB72FHD
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraprojec

CWE-59: Improper Link Resolution Before File Access ('Link Following')
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 | EPSS: 1% | CPEs: 14 | EXPL: 0

Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack.

http://seclists.org/fulldisclosure/2022/Nov/1
https://github.com/git/git/security/advisories/GHSA-rjr6-wcq6-83p6
https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7B6JPKX5CGGLAHXJVQMIZNNEEB72FHD
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHNO2FB55CPX47BAXMBWUBGWHO6N6ZZH
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKFHE4K

CWE-122: Heap-based Buffer Overflow
CWE-787: Out-of-bounds Write