CVSS: 4.3EPSS: 7%CPEs: 28EXPL: 0CVE-2015-4142 – hostapd: integer underflow in AP mode WMM Action frame processing
https://notcve.org/view.php?id=CVE-2015-4142
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. Subdesbordamiento de enteros en el analizador sintáctico Frame de WMM Action en hostapd 0.5.5 hasta 2.4 y wpa_supplicant 0.7.0 hasta 2.4, cuando utilizado para la funcionalidad MLME/SME del modo AP, permite a atacantes remotos causar una denegación de servicio (caída) a través de un Frame manipulado, lo que provoca una lectura fuera de rango. An integer underflow flaw, leading to a buffer over-read, was found in the way wpa_supplicant handled WMM Action frames. A specially crafted frame could possibly allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171401.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172608.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172655.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html http://rhn.redhat.com/errata/RHSA-2015-1090.html http://rhn.redhat.com/errata/RHSA-2015-1439.html http://seclists.org/fulldisclosure/2022/May/34 http://w1.fi/security/2015-3/integer • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.0EPSS: 1%CPEs: 10EXPL: 0CVE-2015-4002
https://notcve.org/view.php?id=CVE-2015-4002
drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. drivers/staging/ozwpan/ozusbsvc1.c en el controlador OZWPAN en el kernel de Linux hasta 4.0.5 no asegura que ciertas valores de longitud están lo suficientemente grandes, lo que permite a atacantes remotos causar una denegación de servicio (caída de sistema o bucle grande) o posiblemente ejecutar código arbitrario a través de un paquete manipulado, relacionado con las funciones (1) oz_usb_rx y (2) oz_usb_handle_ep_data. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://openwall.com/lists/oss-security/2015/06/05/7 http://www.securityfocus.com/bid/74668 http://www.ubuntu.com/usn/USN-2665-1 http://www.ubuntu.com/usn/USN-2667-1 https://github.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.6EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4156
https://notcve.org/view.php?id=CVE-2015-4156
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. GNU Parallel anterior a 20150522 (Nepal), cuando utiliza (1) --cat o (2) --fifo con --sshlogin, permite a usuarios locales escribir en ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero temporal. • http://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html http://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00090.html http://www.securityfocus.com/bid/74961 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 4%CPEs: 24EXPL: 0CVE-2015-8779 – glibc: Unbounded stack allocation in catopen function
https://notcve.org/view.php?id=CVE-2015-8779
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. Desbordamiento de buffer basado en pila en la función catopen en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a atacantes dependientes de contexto causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de un nombre de catálogo largo. A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2016-3075 – glibc: Stack overflow in nss_dns_getnetbyname_r
https://notcve.org/view.php?id=CVE-2016-3075
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. Desbordamiento de buffer basado en pila en la implementación nss_dns de la función getnetbyname en GNU C Library (también conocido como glibc) en versiones anteriores a 2.24 permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de pila y caída de aplicación) a través de un nombre largo. A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include "networks: dns" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-2573.html http://www.securityfocus.com/bid/85732 http://www.ubuntu.com/usn/USN-2985-1 https://security.gentoo.org/glsa/201702-11 https://sourceware.org/bugzilla/show_bug.cgi?id=19879 https://sourceware.org/git/gitweb.cgi?p=glibc. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •