CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2016-2090
https://notcve.org/view.php?id=CVE-2016-2090
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. Vulnerabilidad de error por un paso en la función fgetwln en libbsd en versiones anteriores a 0.8.2 permite a atacantes tener un impacto no especificado a través de vectores desconocidos, lo que desencadena un desbordamiento de búfer basado en memoria dinámica. • http://www.openwall.com/lists/oss-security/2016/01/28/5 https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html https://bugs.freedesktop.org/show_bug.cgi?id=93881 https://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7 https://lists.debian.org/debian-lts-announce/2019/12/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KJE5SPSX7HEKLZ34LUTZLXWPEL2K353 https://lists.fedoraproject.org/archi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 6EXPL: 0CVE-2015-8868 – poppler: heap buffer overflow in ExponentialFunction
https://notcve.org/view.php?id=CVE-2015-8868
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. Desbordamiento de buffer basado en memoria dinámica en la función ExponentialFunction::ExponentialFunction en Poppler en versiones anteriores a 0.40.0 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída) o posiblemente ejecutar código arbitrario a través de un modo blend no válido en el diccionario ExtGState en un documento PDF manipulado. A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183107.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183142.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00068.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00077.html http://rhn.redhat.com/errata/RHSA-2016-2580.html http://www.debian.org/security/2016/dsa-3563 http://www.openwall.com/lists/oss-security/2016/04/12/1 http://www.securityfocus.com/bid/89324 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1877
https://notcve.org/view.php?id=CVE-2015-1877
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. La función open_generic_xdg_mime en xdg-open en xdg-utils versión 1.1.0 rc1 en Debian, cuando se usa dash, no maneja apropiadamente las variables locales, lo que permite a atacantes remotos ejecutar comandos arbitrarios por medio de un archivo diseñado • http://www.debian.org/security/2015/dsa-3165 http://www.openwall.com/lists/oss-security/2015/02/18/7 http://www.openwall.com/lists/oss-security/2015/02/18/9 http://www.securityfocus.com/bid/72675 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777722 https://bugs.freedesktop.org/show_bug.cgi?id=89129 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 1.9EPSS: 0%CPEs: 50EXPL: 0CVE-2015-0245
https://notcve.org/view.php?id=CVE-2015-0245
D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. D-Bus 1.4.x hasta 1.6.x anterior a 1.6.30, 1.8.x anterior a 1.8.16, y 1.9.x anterior a 1.9.10 no valida la fuente de los señales ActivationFailure, lo que permite a usuarios locales causar una denegación de servicio (retorno del error del fallo de activación) mediante el aprovechamiento de una condición de carrera que involucra el envío de un señal ActivationFailure antes de que systemd responda. • http://advisories.mageia.org/MGASA-2015-0071.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html http://www.debian.org/security/2015/dsa-3161 http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 http://www.openwall.com/lists/oss-security/2015/02/09/6 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 2.1EPSS: 0%CPEs: 26EXPL: 2CVE-2014-7824
https://notcve.org/view.php?id=CVE-2014-7824
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. D-Bus hasta 1.3.0 y 1.6.x antes de 1.6.26, 1.8.x antes de 1.8.10, y 1.9.x antes de 1.9.2 permite a usuarios locales provocar una denegación de servicio (la prevención de nuevas conexiones y caída de conexión) colocando en cola el número máximo de descriptores de archivos. NOTA: esta vulnerabilidad existe debido a que no se completo la solución para CVE-2014 a 3.636,1. • http://advisories.mageia.org/MGASA-2014-0457.html http://secunia.com/advisories/62603 http://www.debian.org/security/2014/dsa-3099 http://www.mandriva.com/security/advisories?name=MDVSA-2015:176 http://www.openwall.com/lists/oss-security/2014/11/10/2 http://www.securityfocus.com/bid/71012 http://www.ubuntu.com/usn/USN-2425-1 https://bugs.freedesktop.org/show_bug.cgi?id=85105 https://exchange.xforce.ibmcloud.com/vulnerabilities/98576 • CWE-399: Resource Management Errors •