Page 16 of 100 results (0.014 seconds)

CVSS: 7.5EPSS: 4%CPEs: 26EXPL: 2

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Desbordamiento de enteros en string/strcoll_l.c en GNU C Library (también conocida como glibc o libc6) 2.17 y anteriores versiones permite a atacantes dependientes del contexto provocar una denegación del servicio (cuelgue) o posiblemente ejecutar código arbitrario a través de una cadena larga, lo que provoca un desbordamiento de buffer basado en memoria dinámica. The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector. • https://www.exploit-db.com/exploits/37783 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://seclists.org/fulldisclosure/2019/Jun/18 http://secunia.com/advisories/55113 http://sourceware.org/bugzilla/show_bug.cgi?id=14547 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 http://www.openwall.com/lists/oss-security/2012/09/07/9 http • CWE-189: Numeric Errors •

CVSS: 2.6EPSS: 0%CPEs: 28EXPL: 0

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. pt_chown en GNU C Library (también conocida como glibc o libc6) anterior a la versión 2.18 no comprueba adecuadamente los permisos para archivos tty, lo que permite a usuarios locales cambiar el permiso en los archivos y obtener acceso a pseudo-terminals arbitrarios mediante el aprovechamiento de un sistema de archivos FUSE. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://secunia.com/advisories/55113 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.ubuntu.com/usn/USN-2985-1 http://www.ubuntu.com/usn/USN-2985-2 https://bugzilla.redhat.com/show_bug.cgi?id=976408 https://security.gentoo.org/glsa/201503-04 https://sourceware.org/bugzilla/show_bug.cgi?id=15755 https&# • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.4EPSS: 0%CPEs: 28EXPL: 2

Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. Múltiples desbordamientos de enteros en malloc/malloc.c de GNU C Library (también conocida como glibc o libc6) 2.18 y anteriores versiones permite a atacantes dependientes del contexto provocar una denegación de servicio (corrupción de memoria dinámica) a través de un valor largo de funciones (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, o (5) aligned_alloc. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. • http://rhn.redhat.com/errata/RHSA-2013-1411.html http://rhn.redhat.com/errata/RHSA-2013-1605.html http://secunia.com/advisories/55113 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 http://www.openwall.com/lists/oss-security/2013/09/12/6 http://www.securityfocus.com/bid/62324 http://www.ubuntu.com/usn/USN-1991-1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4332 https:// • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 5.1EPSS: 1%CPEs: 28EXPL: 3

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. La implementación PTR_MANGLE en la GNU C Library (librería también conocida como glibc o libc6) 2.4, 2.17 y versiones anteriores y Embedded GLIBC (EGLIBC) no inicia el valor aleatorio para la guardia de puntero, lo que facilita a atacantes dependientes del contexto controlar la ejecución de flujo aprovechando una vulnerabilidad de desbordamiento de búfer en una aplicación y utilizando el valor cero conocido guardia de puntero para calcular la dirección de puntero. • https://www.exploit-db.com/exploits/28657 http://hmarco.org/bugs/CVE-2013-4788.html http://seclists.org/fulldisclosure/2015/Sep/23 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 http://www.openwall.com/lists/oss-security/2013/07/15/9 http://www.securityfocus.com/bid/61183 https://security.gentoo.org/glsa/201503-04 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 16%CPEs: 36EXPL: 0

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. Desbordamiento de búfer basado en pila en la función getaddrinfo en sysdeps/posix/getaddrinfo.c en GNU C Library (tambien conocido como glibc o libc6) v2.17 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un (1) nombre de host o (2) una dirección IP que desencadenan un gran número de resultados en la conversión de dominio. It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities. • http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://rhn.redhat.com/errata/RHSA-2013-0769.html http://rhn.redhat.com/errata/RHSA-2013-1605.html http://seclists.org/fulldisclosure/2021/Sep/0 http://secunia.com/advisories/52817 http://secunia.com/advisories/55113 http://sourceware.org/bugzilla/show_bug.cgi?id=15330 http://sourceware.org/git/?p=glibc.git%3Ba=commitdiff%3Bh=1cef1b19089528db11f221e938f60b9b048945d7 http://www.mandriva • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •