Page 16 of 135 results (0.011 seconds)

CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 2

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. DB_LOOKUP en nss_files/files-XXX.c en Name Service Switch (NSS) en GNU C Library (también conocida como glibc o libc6) 2.21 y versiones anteriores no comprueba correctamente si un archivo está abierto, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) realizando una búsqueda en una base de datos mientras itera sobre ella, lo que desencadena que el puntero al archivo sea reestablecido. It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://rhn.redhat.com/errata/RHSA-2015-0327.html http://www.debian.org/security/2016/dsa-3480 http://www.securityfocus.com/bid/73038 http://www.ubuntu.com/usn/USN-2985-1 http://www.ubuntu.com/usn/USN-2985-2 https://bugzilla.redhat.com/show_bug.cgi?id=1165192 https://security.gentoo.org/glsa/201602-02 https://sourcewa • CWE-17: DEPRECATED: Code CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. La función send_dg en resolv/res_send.c en GNU C Library (también conocido como glibc o libc6) en versiones anteriores a 2.20 no reutiliza adecuadamente descriptores de fichero, lo que permite a atacantes remotos mandar consultas DNS a ubicaciones no intencionadas a través de un gran número de peticiones que desencadenan una llamada a la función getaddrinfo. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities. • http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://rhn.redhat.com/errata/RHSA-2015-0863.html http://seclists.org/fulldisclosure/2021/Sep/0 http://www.openwall.com/lists/oss-security/2015/01/28/20 http://www.securityfocus.com/bid/72844 http://www.ubuntu.com/usn/USN-2519-1 https://access.redhat.com/errata/RHSA-2016:1207 https://github.com/golang&# • CWE-17: DEPRECATED: Code CWE-201: Insertion of Sensitive Information Into Sent Data •

CVSS: 7.8EPSS: 11%CPEs: 7EXPL: 1

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. La implementación nss_dns de getnetbyname en GNU C Library (también conocido como glibc) anterior a 2.21, cuando el backend DNS en la configuración Name Service Switch está habilitado, permite a atacantes remotos causar una denegación de servicio (bucle infinito) mediante el envió de una respuesta positiva mientras el nombre de una red está siendo procesada. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://www.openwall.com/lists/oss-security/2014/12/18/1 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628&# • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 5.1EPSS: 1%CPEs: 1EXPL: 0

The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. Vulnerabilidad en la función getaddrinfo en glibc en versiones anteriores a 2.15, cuando es compilado con libidn y es utilizado el indicador AI_IDN, permite a atacantes dependientes de contexto provocar una denegación de servicio (liberación de memoria no válida) y posiblemente ejecutar código arbitrario a través de vectores no especificados, según lo demostrado en un nombre de dominio internacionalizado para ping6. An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support. • http://rhn.redhat.com/errata/RHSA-2015-1627.html http://www.openwall.com/lists/oss-security/2015/01/29/21 http://www.securityfocus.com/bid/72710 https://bugzilla.redhat.com/show_bug.cgi?id=1186614 https://bugzilla.redhat.com/show_bug.cgi?id=981942 https://sourceware.org/bugzilla/show_bug.cgi?id=18011 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2e96f1c7 https://access.redhat.com/security/cve/CVE-2013-7424 • CWE-17: DEPRECATED: Code •

CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0

The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. El macro ADDW en stdio-common/vfscanf.c en la libraría GNU C (también conocida como glibc o libc6) anterior a 2.21 no considera correctamente el tamaño de tipos de datos durante una decisión de la gestión de riesgos para utilizar en la función alloca, lo que podría permitir atacantes dependientes de contexto causar una denegación de servicio (violación de segmentación) o sobrescribir localizaciones de memoria más allá del límite de la pila a través de una línea larga que contiene caracateres anchas que se manejen incorrectamente en una llamada wscanf. A stack overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. • http://openwall.com/lists/oss-security/2015/02/04/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72499 http://www.ubuntu.com/usn/USN-2519-1 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 https://access.redhat.com/security/cve/CVE-2015-1473 https://bugzilla.redhat.com/show_bug.cgi?id=1209105 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •