Page 97 of 2247 results (0.037 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. La funcionalidad autocmd en el archivo window.c en Vim versiones anteriores a la versión 8.1.2136, accede a la memoria liberada. • https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136 https://packetstormsecurity.com/files/154898 https://usn.ubuntu.com/4309-1 • CWE-416: Use After Free •

CVSS: 4.7EPSS: 0%CPEs: 24EXPL: 1

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. En el kernel de Linux versiones hasta 5.4.6, se presenta una desreferencia del puntero NULL en el archivo drivers/scsi/libsas/sas_discover.c debido a un manejo inapropiado de la desconexión del puerto durante la detección, relacionado con una condición de carrera baja PHY, también se conoce como CID-f70267f379b5. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f70267f379b5e5e11bdc5d72a56bf17e5feed01f https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://security.netapp.com/advisory/ntap-20200204-0002 https://usn.ubuntu.com/4284-1 https://usn.ubuntu.com/4285-1 https://usn.ubuntu.com/4286-1 https:// • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. La función xmlParseBalancedChunkMemoryRecover en el archivo parser.c en libxml2 versiones anteriores a 2.9.10, presenta una pérdida de memoria relacionada con newDoc-)oldNs. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject. • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 4.6EPSS: 0%CPEs: 16EXPL: 0

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. En el kernel de Linux versiones hasta 5.4.6, se presenta un filtrado de información de la memoria no inicializada hacia un dispositivo USB en el archivo controlador drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c, también se conoce como CID-da2311a6385c. • http://www.openwall.com/lists/oss-security/2019/12/24/1 https://github.com/torvalds/linux/commit/da2311a6385c3b499da2ed5d9be59ce331fa93e9 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://security.netapp.com/advisory/ntap-20200204-0002 https://usn.ubuntu.com/4284-1 https://usn.ubuntu.com/4285-1 https://usn.ubuntu.com/4427-1 https://usn.ubuntu.com/4485-1 • CWE-908: Use of Uninitialized Resource •

CVSS: 7.4EPSS: 0%CPEs: 24EXPL: 1

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio explotable en el kernel de Linux anterior a mainline 5.3. • http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200204-0002 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900 https://usn.ubuntu.com • CWE-287: Improper Authentication CWE-440: Expected Behavior Violation •