Page 2 of 87 results (0.010 seconds)

CVSS: 5.5EPSS: 1%CPEs: 15EXPL: 0

CVE-2014-9853

https://notcve.org/view.php?id=CVE-2014-9853

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. Fuga de memoria en los coders/rle.c de ImageMagick permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un archivo rle manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 0

CVE-2015-8816

https://notcve.org/view.php?id=CVE-2015-8816

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. La función hub_activate en drivers/usb/core/hub.c en el Kernel de Linux en versiones anteriores a 4.3.5 no mantiene correctamente una estructura de datos hub-interface, lo que permite a atacantes físicamente próximos provocar una denegación de servicio (acceso a memoria no válido y caída de sistema) o posiblemente tener otro impacto no especificado desenchufando un dispositivo hub USB. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html http://lists.opensuse.org •

CVSS: 8.1EPSS: 97%CPEs: 68EXPL: 10

CVE-2015-7547 – glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. Múltiples desbordamientos de buffer basado en pila en las funciones (1) send_dg y (2) send_vc en la librería libresolv en la librería GNU C (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una respuesta DNS manipulada que desencadenan una llamada a la función getaddrinfo con la familia de direcciones AF_UNSPEC o AF_INET6, en relación con la ejecución de "consultas duales A/AAAA DNS" y el módulo libnss_dns.so.2 NSS. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. • https://www.exploit-db.com/exploits/39454 https://www.exploit-db.com/exploits/40339 https://github.com/fjserna/CVE-2015-7547 https://github.com/cakuzo/CVE-2015-7547 https://github.com/Stick-U235/CVE-2015-7547-Research https://github.com/t0r0t0r0/CVE-2015-7547 https://github.com/babykillerblack/CVE-2015-7547 https://github.com/Amilaperera12/Glibc-Vulnerability-Exploit-CVE-2015-7547 https://github.com/miracle03/CVE-2015-7547-master https://github.com/bluebluelan/CVE-2015-7547&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 3.5EPSS: 0%CPEs: 30EXPL: 0

CVE-2015-6815

https://notcve.org/view.php?id=CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. La función process_tx_desc en el archivo hw/net/e1000.c en QEMU versiones anteriores a 2.4.0.1, no procesa apropiadamente los datos del descriptor de transmisión cuando se envía un paquete de red, lo que permite a atacantes causar una denegación de servicio (bucle infinito y bloqueo de invitado) por medio de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html http://www.openwall.com/lists/oss-security&#x • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0

CVE-2015-3405 – ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems

https://notcve.org/view.php?id=CVE-2015-3405

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. ntp-keygen en ntp en versiones 4.2.8px anteriores a la 4.2.8p2-RC2 y en versiones 4.3.x anteriores a la 4.3.12 no genera claves MD5 con la suficiente entropía en máquinas big endian cuando el byte de menor orden de la variable temp se sitúa entre 0x20 y 0x7f y no #. Esto podría permitir que atacantes remotos obtengan el valor de las claves MD5 generadas mediante un ataque de fuerza bruta con las 93 claves posibles. A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. • http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html http://rhn.redhat.com/errata/RHSA-2015-1459.html http://rhn.redhat.com/errata/RHSA-2015-2231.html http://www.debian.org/security/2015/dsa-3223 http://www.debian.org/security/2015/dsa-3388 http://www.openwall.com/lists/oss-security/2015/04/23/14 http& • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy •