Page 12 of 190 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2015-1395

https://notcve.org/view.php?id=CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. Una vulnerabilidad de salto de directorio en GNU en versiones de parche que soportan parcheo Git-style en versiones anteriores a la 2.7.3 permite que atacantes remotos escriban en archivos arbitrarios con los permisos del usuario objetivo mediante un ".." (dot dot) en el nombre de un archivo diff. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html http://www.openwall.com/lists/oss-security/2015/01/27/28 http://www.securityfocus.com/bid/72846 http://www.ubuntu.com/usn/USN-2651-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873 https://bugzilla.redhat.com/show_bug.cgi?id=1184490 https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.1EPSS: 1%CPEs: 7EXPL: 0

CVE-2014-9637

https://notcve.org/view.php?id=CVE-2014-9637

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. GNU parche 2.7.2 y anteriores permite que atacantes remotos provoquen una denegación de servicio (consumo de memoria y error de segmentación) mediante un archivo diff manipulado. • http://advisories.mageia.org/MGASA-2015-0068.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html http://www.openwall.com/lists/oss-security/2015/01/22/7 http://www.securityfocus.com/bid/72286 http://www.ubuntu.com/usn/USN-2651-1 https://bugzilla.redhat.com/show_bug.cgi?id=1185262 https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2015-0886

https://notcve.org/view.php?id=CVE-2015-0886

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent. Desbordamiento de enteros en el método crypt_raw en la implementación del estiramiento de claves en jBCrypt anterior a 0.4 facilita a atacantes remotos determinar valores en texto claro de hashes de contraseñas a través de un ataque de fuerza bruta contra los hashes asociados con el exponente máximo. • http://jvn.jp/en/jp/JVN77718330/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000033 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151496.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151786.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151797.html http://www.mindrot.org/projects/jBCrypt/news/rel04.html https://bugzilla.mindrot.org/show_bug.cgi?id=2097 https://lists.apache.org/thread.html/rbd23e3ac8113b4da0a025c0e45170 • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.8EPSS: 1%CPEs: 9EXPL: 0

CVE-2014-9679 – cups: cupsRasterReadPixels buffer overflow

https://notcve.org/view.php?id=CVE-2014-9679

Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. Desbordamiento de enteros en la función cupsRasterReadPixels en filter/raster.c en CUPS anterior a 2.0.2 permite a atacantes remotos tener un impacto no especificado a través de un fichero de raster comprimido malformado, lo que provoca un desbordamiento de buffer. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way CUPS handled compressed raster image files. An attacker could create a specially crafted image file that, when passed via the CUPS Raster filter, could cause the CUPS filter to crash. • http://advisories.mageia.org/MGASA-2015-0067.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150171.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150177.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00098.html http://rhn.redhat.com/errata/RHSA-2015-1123.html http://www.debian.org/security/2015/dsa-3172 http://www.mandriva.com/security/advisories?name=MDVSA-2015:049 http://www.mandriva.com/security/advisories?name=MDVSA-201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 4%CPEs: 29EXPL: 1

CVE-2014-9465

https://notcve.org/view.php?id=CVE-2014-9465

senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. senddocument.php en Zarafa WebApp anterior a 2.0 beta 3 y WebAccess en Zarafa Collaboration Platform (ZCP) 7.x anterior a 7.1.12 beta 1 y 7.2.x anterior a 7.2.0 beta 1 permite a atacantes remotos causar una denegación de servicio (consumo de disco /tmp) mediante la subida de un número grande de ficheros. • http://advisories.mageia.org/MGASA-2015-0049.html http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html http://security.robert-scheck.de/cve-2014-9465-zarafa http://www.mandriva.com/security/advisories?name=MDVSA-2015:040 http://www.openwall.com/lists • CWE-399: Resource Management Errors •