21 results (0.015 seconds)

CVSS: 6.5EPSS: 0%CPEs: 324EXPL: 0

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Una condición de tipo TSX Asynchronous Abort en algunas CPU que utilizan ejecución especulativa puede habilitar a un usuario autenticado para permitir potencialmente una divulgación de información por medio de un canal lateral con acceso local. A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing. Intel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/12/10/3 http://www.openwall.com/lists/oss-security/2019/12/10/4 http://www.openwall.com/lists/oss-security/2019/12 • CWE-203: Observable Discrepancy •

CVSS: 7.8EPSS: 94%CPEs: 109EXPL: 0

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. La implementación RFC en rdata.c en ISC BIND 9.7.x y 9.8.x anterior a 9.8.5-P2, 9.8.6b1, 9.9.x anterior a 9.9.3-P2, y 9.9.4b1, y DNSco BIND 9.9.3-S1 anterior a 9.9.3-S1-P1 y 9.9.4-S1b1, permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una petición con una sección RDATA manipulada que se maneja adecuadamente durante la contrucción de mensaje de log. Ha sido explotada "in the wild" en Julio de 2013. This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of an rdata section with a length that is less than four. • http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://linux.oracle.com/errata/ELSA-2014-1244 http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html http://rhn. •

CVSS: 10.0EPSS: 2%CPEs: 40EXPL: 0

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. Vulnerabilidad no especificada en rsync, en versiones anteriores a la 3.0.0pre6, cuando se ejecuta un demonio rsync en modo lectura-escritura. Permite que atacantes remotos vulneren exclude, exclude_from, y filter, además de poder leer y escribir archivos ocultos usando: (1) symlink, (2) partial-dir, (3) backup-dir, y (4) opciones dest sin especificar. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://rsync.samba.org/security.html#s3_0_0 http://secunia.com/advisories/27853 http://secunia.com/advisories/27863 http://secunia.com/advisories/28412 http://secunia.com/advisories/28457 http://secunia.com/advisories/31326 http://securitytracker.com/id?1019012 http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 http://www. • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 2%CPEs: 40EXPL: 0

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. rsync, en versiones anteriores a la 3.0.0pre6. Cuando se ejecuta un demonio rsync en modo lectura-escritura que no use chroot, se permite así que atacantes remotos accedan a ficheros de acceso restringido, usando vectores desconocidos que provocan que rsync cree un enlace simbólico que apunta fuera de la jerarquía de ficheros del módulo. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://rsync.samba.org/security.html#s3_0_0 http://secunia.com/advisories/27853 http://secunia.com/advisories/27863 http://secunia.com/advisories/28412 http://secunia.com/advisories/28457 http://secunia.com/advisories/31326 http://secunia.com/advisories/61005 http://securitytracker.com/id?1019012 http://support.f5.com/kb/en • CWE-16: Configuration •

CVSS: 9.8EPSS: 68%CPEs: 49EXPL: 2

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. Un desbordamiento de enteros en el archivo print-bgp.c en el disector BGP en tcpdump versión 3.9.6 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de TLVs especialmente diseñados en un paquete BGP, relacionado a un valor de retorno no comprobado. • https://www.exploit-db.com/exploits/30319 http://bugs.gentoo.org/show_bug.cgi?id=184815 http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/26135 http://secunia.com/advisories/26168 http://secunia.com/advisories/26223 http://secunia.com/advisories/26231 http://secunia.com&# • CWE-190: Integer Overflow or Wraparound CWE-252: Unchecked Return Value •