Page 113 of 700 results (0.009 seconds)

CVSS: 6.8EPSS: 1%CPEs: 9EXPL: 0

CVE-2014-9679 – cups: cupsRasterReadPixels buffer overflow

https://notcve.org/view.php?id=CVE-2014-9679

Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. Desbordamiento de enteros en la función cupsRasterReadPixels en filter/raster.c en CUPS anterior a 2.0.2 permite a atacantes remotos tener un impacto no especificado a través de un fichero de raster comprimido malformado, lo que provoca un desbordamiento de buffer. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way CUPS handled compressed raster image files. An attacker could create a specially crafted image file that, when passed via the CUPS Raster filter, could cause the CUPS filter to crash. • http://advisories.mageia.org/MGASA-2015-0067.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150171.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150177.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00098.html http://rhn.redhat.com/errata/RHSA-2015-1123.html http://www.debian.org/security/2015/dsa-3172 http://www.mandriva.com/security/advisories?name=MDVSA-2015:049 http://www.mandriva.com/security/advisories?name=MDVSA-201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

CVE-2013-2027

https://notcve.org/view.php?id=CVE-2013-2027

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. Jython 2.2.1 utiliza el uses el desenmascar actual para configurar los privilegios de los ficheros del caché de clases, lo que permite a usuarios locales evadir las restricciones de acceso a través de vectores no especificados. • http://advisories.mageia.org/MGASA-2015-0096.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:158 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html https://bugzilla.redhat.com/show_bug.cgi?id=947949 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 1.9EPSS: 0%CPEs: 50EXPL: 0

CVE-2015-0245

https://notcve.org/view.php?id=CVE-2015-0245

D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. D-Bus 1.4.x hasta 1.6.x anterior a 1.6.30, 1.8.x anterior a 1.8.16, y 1.9.x anterior a 1.9.10 no valida la fuente de los señales ActivationFailure, lo que permite a usuarios locales causar una denegación de servicio (retorno del error del fallo de activación) mediante el aprovechamiento de una condición de carrera que involucra el envío de un señal ActivationFailure antes de que systemd responda. • http://advisories.mageia.org/MGASA-2015-0071.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html http://www.debian.org/security/2015/dsa-3161 http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 http://www.openwall.com/lists/oss-security/2015/02/09/6 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.4EPSS: 2%CPEs: 5EXPL: 2

CVE-2014-9512

https://notcve.org/view.php?id=CVE-2014-9512

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. rsync 3.1.1 permite a atacantes remotos escribir a ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero en la ruta de sincronización. • http://lists.opensuse.org/opensuse-updates/2015-02/msg00041.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00095.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00112.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/76093 http://www.securitytracker.com/id/1034786 http://www.ubuntu.com/usn/USN-2879-1 http://xteam.baidu.com/?p=169 https://bugzilla.samba.org/show_bug.cgi?id=10977 https: • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 1

CVE-2015-1345 – grep: heap buffer overrun

https://notcve.org/view.php?id=CVE-2015-1345

The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. La función bmexec_trans en kwset.c en grep 2.19 hasta 2.21 permite a usuarios locales causar una denegación de servicio (lectura de la memoria dinámica fuera de rango y caída) a través de entradas manipuladas cuando se utiliza la opción -F. A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. • http://debbugs.gnu.org/cgi/bugreport.cgi?bug=19563 http://git.savannah.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2 http://lists.opensuse.org/opensuse-updates/2015-02/msg00037.html http://rhn.redhat.com/errata/RHSA-2015-1447.html http://www.openwall.com/lists/oss-security/2015/01/22/10 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72281 https://access.redhat.com/security/cve/CVE-2015-1345 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •