Page 12 of 214 results (0.011 seconds)

CVSS: 10.0EPSS: 13%CPEs: 10EXPL: 0

CVE-2016-2324 – git: path_name() integer truncation and overflow leading to buffer overflow

https://notcve.org/view.php?id=CVE-2016-2324

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Desboradmiento de entero en Git en versiones anteriores a 2.7.4 permite a atacantes remotos ejecutar código arbitrario a través de un (1) nombre de archivo grande o (2) muchos árboles anidados, lo que desencadena un desbordamiento de buffer basado en memoria dinámica. An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html http://lists.opensuse.org/opensuse-security-announce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-194: Unexpected Sign Extension •

CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 0

CVE-2015-8816

https://notcve.org/view.php?id=CVE-2015-8816

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. La función hub_activate en drivers/usb/core/hub.c en el Kernel de Linux en versiones anteriores a 4.3.5 no mantiene correctamente una estructura de datos hub-interface, lo que permite a atacantes físicamente próximos provocar una denegación de servicio (acceso a memoria no válido y caída de sistema) o posiblemente tener otro impacto no especificado desenchufando un dispositivo hub USB. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html http://lists.opensuse.org •

CVSS: 8.1EPSS: 97%CPEs: 68EXPL: 10

CVE-2015-7547 – glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. Múltiples desbordamientos de buffer basado en pila en las funciones (1) send_dg y (2) send_vc en la librería libresolv en la librería GNU C (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una respuesta DNS manipulada que desencadenan una llamada a la función getaddrinfo con la familia de direcciones AF_UNSPEC o AF_INET6, en relación con la ejecución de "consultas duales A/AAAA DNS" y el módulo libnss_dns.so.2 NSS. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. • https://www.exploit-db.com/exploits/39454 https://www.exploit-db.com/exploits/40339 https://github.com/fjserna/CVE-2015-7547 https://github.com/cakuzo/CVE-2015-7547 https://github.com/Stick-U235/CVE-2015-7547-Research https://github.com/t0r0t0r0/CVE-2015-7547 https://github.com/babykillerblack/CVE-2015-7547 https://github.com/Amilaperera12/Glibc-Vulnerability-Exploit-CVE-2015-7547 https://github.com/miracle03/CVE-2015-7547-master https://github.com/bluebluelan/CVE-2015-7547&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 0

CVE-2015-5041 – JDK: J9 JVM allows code to invoke non-public interface methods

https://notcve.org/view.php?id=CVE-2015-5041

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. El JVM J9 en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP20, 6 R1 en versiones anteriores a SR8 FP20, 7 en versiones anteriores a SR9 FP30 y 7 R1 en versiones anteriores a SR3 FP30 permite a atacantes remotos obtener información sensible o inyectar datos invocando a métodos de interfaz no públicos. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00032.html http://www-01.ibm.com/support/docview.wss?uid=swg1IV72872 http://www-01.ibm.com/support/docview.wss?uid=swg21974194 http://www.securityfocus.com/bid/82451 https://access.redhat.com/errata/RHSA-201 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 108EXPL: 0

CVE-2015-7976

https://notcve.org/view.php?id=CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. El comando savconfig ntpq en NTP 4.1.2, 4.2.x en versiones anteriores a 4.2.8p6, 4.3, 4.3.25, 4.3.70 y 4.3.77 no filtra adecuadamente caracteres especiales, lo que permite a atacantes causar un impacto no especificado a través de un nombre de archivo manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-254: 7PK - Security Features •