Page 2 of 113 results (0.014 seconds)

CVSS: 7.5EPSS: 6%CPEs: 8EXPL: 0

14 Jul 2016 — The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. La función lha_read_file_extended_header en archive_read_support_format_lha.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (memoria dinámica fuera de rango) a través de un archivo (1) lzh o (2) lha manipulado. A vulnerability w... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

14 Jul 2016 — The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. La función lha_ar_read_header en archive_read_support_format_ar.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura de pila fuera de rango) a través de un archivo ar manipulado. A vulnerability was found in libarchive. A specially crafted AR archiv... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 3%CPEs: 8EXPL: 0

14 Jul 2016 — The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. La función ae_strtofflags en archive_entry.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo mtree manipulado. A vulnerability was found in libarchive. A specially crafted mtree file could cause libarchive to read beyond a sta... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0

14 Jul 2016 — The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. La función read_CodersInfo en archive_read_support_format_7zip.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo 7z manipulado, relacionado con la est... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 2%CPEs: 8EXPL: 0

14 Jul 2016 — The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. La función process_extra en libarchive en versiones anteriores a 3.2.0 utiliza el campo de tamaño y un número con signo en un desplazamiento, lo que permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo zip manipulado. A vulnerability was found in libarchive. A specially ... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

14 Jul 2016 — The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. La función archive_read_format_tar_read_header en archive_read_support_format_tar.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo tar manipulado. A vulnerability was found in libarchive. ... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0

27 Jun 2016 — The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. La función key_reject_and_link en security/keys/key.c en el kernel de Linux hasta la versión 4.6.3 no asegura que cierta estructura de datos esté inicializada, lo que permite a usuarios locales provocar una denegación de servicio (caí... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a • CWE-253: Incorrect Check of Function Return Value •

CVSS: 7.8EPSS: 5%CPEs: 26EXPL: 6

27 Jun 2016 — The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. Las implementaciones de compat IPT_SO_SET_REPLACE y IP6T_SO_SET_REPLACE setsockopt en el subsistema netfilter en el kernel de Linux antes de 4.6.3 permiten a los usuarios lo... • https://packetstorm.news/files/id/139880 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0

21 Jun 2016 — Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 51.0.2704.103 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 51.0.2704.103. S... • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html •

CVSS: 8.1EPSS: 0%CPEs: 22EXPL: 2

10 Jun 2016 — The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. La función ecryptfs_privileged_open en fs/ecryptfs/kthread.c en el kernel de Linux en versiones anteriores a 4.6.3 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (consumo de memoria... • https://packetstorm.news/files/id/137560 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •