CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-6485 – glibc: Integer overflow in posix_memalign in memalign functions
https://notcve.org/view.php?id=CVE-2018-6485
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. Un desbordamiento de enteros en la implementación de posix_memalign en las funciones memalign en GNU C Library (también conocido como glibc o libc6) en versiones 2.26 y anteriores podría provocar que estas funciones devuelvan un puntero a un área de la memoria dinámica (heap) demasiado pequeña, pudiendo corromper el heap. • http://bugs.debian.org/878159 http://www.securityfocus.com/bid/102912 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3092 https://security.netapp.com/advisory/ntap-20190404-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=22343 https://usn.ubuntu.com/4218-1 https://usn.ubuntu.com/4416-1 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/security/cve/CVE-2018-6485 https:/ • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3514
https://notcve.org/view.php?id=CVE-2016-3514
Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3516. Vulnerabilidad no especificada en el componente Oracle Enterprise Communications Broker en Oracle Communications Applications en versiones anteriores a PCz 2.0.0m4p1 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores relacionados con GUI, una vulnerabilidad diferente a CVE-2016-3516. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securitytracker.com/id/1036401 http://www.synacktiv.com/ressources/oracle_sbc_configuration_issues.pdf •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3516
https://notcve.org/view.php?id=CVE-2016-3516
Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3514. Vulnerabilidad no especificada en el componente Oracle Enterprise Communications Broker en Oracle Communications Applications en versiones anteriores a PCz 2.0.0m4p1 permite usuarios remotos autenticados afectar la confidencialidad a través de vectores relacionados con GUI, una vulnerabilidad diferente a CVE-2016-3514. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91858 http://www.securitytracker.com/id/1036401 http://www.synacktiv.com/ressources/oracle_sbc_verb_tampering.pdf •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3515
https://notcve.org/view.php?id=CVE-2016-3515
Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote attackers to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente Oracle Enterprise Communications Broker en Oracle Communications Applications en versiones anteriores a PCz 2.0.0m4p1 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91854 http://www.securitytracker.com/id/1036401 http://www.synacktiv.com/ressources/oracle_sbc_logfiles_leak.pdf •
CVSS: 5.0EPSS: 4%CPEs: 460EXPL: 3CVE-2014-9708 – Appweb Web Server Denial Of Service
https://notcve.org/view.php?id=CVE-2014-9708
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,". Embedthis Appweb anterior a 4.6.6 y 5.x anterior a 5.2.1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de una cabecera de rango con un valor vacío, tal y como fue demostrado por 'Rango: x=,'. Appweb Web Server suffers from a denial of service vulnerability. • http://packetstormsecurity.com/files/131157/Appweb-Web-Server-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/Apr/19 http://seclists.org/fulldisclosure/2015/Mar/158 http://www.openwall.com/lists/oss-security/2015/03/28/2 http://www.openwall.com/lists/oss-security/2015/04/06/2 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/archive/1/535028/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/5 • CWE-476: NULL Pointer Dereference •