Page 2 of 12 results (0.003 seconds)

CVSS: 10.0EPSS: 5%CPEs: 32EXPL: 0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. Una vulnerabilidad de "escritura en pila" en GnuPG (gpg) 1.x anterior a la 1.4.6, 2.x anterior a la 2.0.2 y 1.9.0 hasta la 1.9.95 permite a atacantes ejecutar código de su elección mediante paquetes OpenPGP artesanales que provocan que GnuPG haga referencia a un puntero a función que está en memoria (en la pila) que ya ha sido liberada. • ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html http://lists.suse.com/archive/suse-security-announce/2006-Dec/0004.html http://secunia.com/advisories/23245 http://secunia.com/advisories/23250 http://secunia.com/advisories/23255 http://secunia.com/advisories/23259 http://secunia.com/advisories/23269 http://secunia.com/advisories/23284 http://secunia.com/advisories/23290 http://secunia. •

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 3

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. • https://www.exploit-db.com/exploits/587 https://www.exploit-db.com/exploits/24694 http://marc.info/?l=bugtraq&m=109906660225051&w=2 http://secunia.com/advisories/12898 http://secunia.com/advisories/19073 http://securitytracker.com/id?1011783 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.apacheweek.com/features/security-13 http://www.debian.org/security/2004/dsa-594 http:/& • CWE-131: Incorrect Calculation of Buffer Size •

CVSS: 10.0EPSS: 10%CPEs: 42EXPL: 0

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. • http://gaim.sourceforge.net/security/?id=9 http://www.gentoo.org/security/en/glsa/glsa-200410-23.xml http://www.redhat.com/support/errata/RHSA-2004-604.html https://bugzilla.fedora.us/show_bug.cgi?id=2188 https://exchange.xforce.ibmcloud.com/vulnerabilities/17786 https://exchange.xforce.ibmcloud.com/vulnerabilities/17787 https://exchange.xforce.ibmcloud.com/vulnerabilities/17790 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11790 https://www.ubuntu& •

CVSS: 2.1EPSS: 0%CPEs: 27EXPL: 0

getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir. • http://marc.info/?l=bugtraq&m=109571883130372&w=2 http://security.gentoo.org/glsa/glsa-200409-32.xml http://www.debian.org/security/2004/dsa-553 http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG https://exchange.xforce.ibmcloud.com/vulnerabilities/17439 •

CVSS: 1.2EPSS: 0%CPEs: 27EXPL: 0

getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file. • http://marc.info/?l=bugtraq&m=109571883130372&w=2 http://security.gentoo.org/glsa/glsa-200409-32.xml http://www.debian.org/security/2004/dsa-553 http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG https://exchange.xforce.ibmcloud.com/vulnerabilities/17437 •