CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2013-4256 – Debian Security Advisory 2771-1
https://notcve.org/view.php?id=CVE-2013-4256
20 Aug 2013 — Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to th... • http://radscan.com/pipermail/nas/2013-August/001270.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2013-4258 – Debian Security Advisory 2771-1
https://notcve.org/view.php?id=CVE-2013-4258
20 Aug 2013 — Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog. Vulnerabilidad de cadena de formato en la función de osLogMsg en server/os/aulog.c de Network Audio System (NAS) 1.9.3 permite a atacantes remotos provocar una denegación de servicio (cuelgue) o posiblemente ejecutar código arbitrari... • http://radscan.com/pipermail/nas/2013-August/001270.html • CWE-134: Use of Externally-Controlled Format String •