Page 93 of 783 results (0.015 seconds)

CVSS: 8.1EPSS: 4%CPEs: 22EXPL: 0

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja incorrectamente la interacción entre los gadgets de serialización y la escritura, relacionada con oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, y oracle.jms.AQjmsXAConnectionFactory (también se conoce como weblogic/oracle-aqjms) A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/FasterXML/jackson-databind/issues/2698 https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://security.netapp.com/advisory/ntap-20200702-0003 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuo • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.1EPSS: 7%CPEs: 20EXPL: 0

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja incorrectamente la interacción entre los gadgets de serialización y la escritura, relacionada con com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (también se conoce como xalan2) A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/FasterXML/jackson-databind/issues/2704 https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://security.netapp.com/advisory/ntap-20200702-0003 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuo • CWE-502: Deserialization of Untrusted Data •

CVSS: 4.4EPSS: 0%CPEs: 41EXPL: 0

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. Se encontró un fallo en la implementación de los volcados de núcleo del Userspace del kernel de Linux. Este fallo permite a un atacante con una cuenta local bloquear un programa trivial y exfiltrar datos privados del kernel A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d https://github.com/google/kmsan/issues/76 https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj • CWE-908: Use of Uninitialized Resource •

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 1

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. Se encontró un fallo en el kernel de Linux en las versiones posteriores a 4.5-rc1, en la manera en que mremap manejó DAX Huge Pages. Este fallo permite a un atacante local con acceso a un almacenamiento habilitado para DAX escalar sus privilegios en el sistema A flaw was found in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://bugzilla.redhat.com/show_bug.cgi?id=1842525 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9 https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IEM47BXZJLODRH5YNNZSAQ2NVM63MYMC https://security.netapp.com/advisory/ntap-20200702-0004 https://usn.ubuntu.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. systemd versiones hasta v245 maneja inapropiadamente los nombres de usuario numéricos, tales como los compuestos por dígitos decimales o 0x seguidos de dígitos hexadecimales, como es demostrado por el uso de privilegios root cuando era previsto privilegios de la cuenta de usuario 0x0. NOTA: este problema se presenta debido a una corrección incompleta para CVE-2017-1000082. A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits. When the usernames are used by systemd, for example in service units, an unexpected user may be used instead. • https://github.com/systemd/systemd/issues/15985 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63 https://security.netapp.com/advisory/ntap-20200611-0003 https://access.redhat.com/security/cve/CVE-2020-13776 https://bugzilla.redhat.com/show_bug.cgi?id=1845534 • CWE-269: Improper Privilege Management CWE-440: Expected Behavior Violation •