Page 118 of 2433 results (0.011 seconds)

CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 1

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. Se ha descubierto un problema en Poppler 0.71.0. Hay una fuga de memoria en GfxColorSpace::setDisplayProfile in GfxState.cc, tal y como queda demostrado con pdftocairo. • https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/issues/654 https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://usn.ubuntu.com/4042-1 https://access.redhat.com/security/cve/CVE-2018-18897 https://bugzilla.redhat.com/show_bug.cgi?id=1646546 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. El sistema de archivos Gluster hasta las versiones 3.12 y 4.1.4 es vulnerable a un desbordamiento de búfer en el traductor "features/index" mediante el código que maneja el xattr "GF_XATTR_CLRLK_CMD" en la función "pl_getxattr". Un atacante autenticado remoto podría explotar esta vulnerabilidad en un volumen montado para provocar una denegación de servicio (DoS). A buffer overflow was found in strncpy of the pl_getxattr() function. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652 https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14652 https://bugzilla.redhat.com/show_bug.cg • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. El sistema de archivos Gluster hasta las versiones 3.12 y 4.1.4 es vulnerable a un ataque de denegación de servicio (DoS) mediante el uso del xattr "GF_XATTR_IOSTATS_DUMP_KEY". Un atacante autenticado remoto podría explotar esta vulnerabilidad montando un volumen Gluster y llamando repetidamente a "setxattr(2)" para desencadenar un volcado de estado y crear un número arbitrario de archivos en el directorio runtime del servidor. A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659 https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14659 https://bugzilla.redhat.com/show_bug.cg • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. Se ha detectado que el uso de la función snprintf en el traductor feature/locks del servidor glusterfs 3.8.4, tal y como se distribuye con Red Hat Gluster Storage, era vulnerable a un ataque de cadena de formato. Un atacante remoto autenticado podría explotar este error para provocar una denegación de servicio (DoS). It was found that usage of snprintf function in feature/locks translator of glusterfs server was vulnerable to a format string attack. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661 https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14661 https://bugzilla.redhat.com/show_bug.cg • CWE-20: Improper Input Validation CWE-134: Use of Externally-Controlled Format String •

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. Se ha encontrado un error en el servidor glusterfs hasta las versiones 4.1.4 y 3.1.2 que permitía el uso repetido del xattr GF_META_LOCK_KEY. Un atacante autenticado remoto podría emplear este error para crear múltiples bloqueos para un único inode mediante el uso repetido de setxattr, lo que resulta en el agotamiento de la memoria del nodo del servidor glusterfs. A flaw was found in glusterfs server which allowed repeated usage of GF_META_LOCK_KEY xattr. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14660 https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14660 https://bugzilla.redhat.com/show_bug.cgi?id=1635926 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •