CVE-2015-5262
https://notcve.org/view.php?id=CVE-2015-5262
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167962.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167999.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168030.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html
http://svn.apache.org/viewvc?view=revision&revision=1626784
http://www.oracle.com/technetwork/security-advisory/cpujul2018
• CWE-399: Resource Management Errors
CVE-2015-7674
https://notcve.org/view.php?id=CVE-2015-7674
Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.
• http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.1.news
http://lists.opensuse.org/opensuse-updates/2016-03/msg00124.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00006.html
http://www.debian.org/security/2015/dsa-3378
http://www.openwall.com/lists/oss-security/2015/10/01/4
http://www.openwall.com/lists/oss-security/2015/10/01/7
http://www.openwall.com/lists/oss-security/2015/10/02/10
http://www.openwall.com/lists/o
• CWE-189: Numeric Errors
CVE-2015-5239
https://notcve.org/view.php?id=CVE-2015-5239
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html
http://www.openwall.com/lists/oss-security
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2015-1338 – Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1338
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
• https://www.exploit-db.com/exploits/38353
http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html
http://seclists.org/fulldisclosure/2015/Sep/101
http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities
http://www.ubuntu.com/usn/USN-2744-1
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570
https://launchpad.net/apport/trunk/2.19
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2015-7236 – rpcbind: Use-after-free vulnerability in PMAP_CALLIT
https://notcve.org/view.php?id=CVE-2015-7236
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote, unauthenticated attacker could possibly exploit this flaw to crash the rpcbind service (denial of service) by performing a series of UDP and TCP calls.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171030.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172152.html
http://www.debian.org/security/2015/dsa-3366
http://www.openwall.com/lists/oss-security/2015/09/17/1
http://www.openwall.com/lists/oss-security/2015/09/17/6
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www&
• CWE-416: Use After Free