Page 20 of 521 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Qemu versión 1.1.2+dfsg hasta 2.1+dfsg sufre un desbordamiento de búfer que podría resultar en una ejecución de código arbitrario en el host con los privilegios del proceso QEMU. • http://www.ubuntu.com/usn/USN-2342-1 https://access.redhat.com/security/cve/cve-2013-4532 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532 https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2 https://security-tracker.debian.org/tracker/CVE-2013-4532 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 1

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. iconvdata/ibm930.c en GNU C Library (también conocido como glibc) anterior a 2.16 permite a atacantes dependientes de contexto causar una denegación de servicio (lectura fuera de rango) a través de un valor de caracteres de multibytes de '0xffff' en la función iconv cuando convierte datos codificados de IBM930 a UTF-8. • http://www.debian.org/security/2015/dsa-3142 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 http://www.openwall.com/lists/oss-security/2014/08/29/3 http://www.openwall.com/lists/oss-security/2014/09/02/1 http://www.securityfocus.com/bid/69472 http://www.ubuntu.com/usn/USN-2432-1 https://security.gentoo.org/glsa/201503-04 https://sourceware.org/bugzilla/show_bug.cgi?id=14134 https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=6e230d1183 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 10%CPEs: 4EXPL: 1

Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes." Desbordamiento de buffer basado en memoria dinámica en formisc.c en formail en procmail 3.22 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una cabecera de email manipulada, relacionado con 'comillas inestables.' A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail. • http://linux.oracle.com/errata/ELSA-2014-1172.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00022.html http://rhn.redhat.com/errata/RHSA-2014-1172.html http://secunia.com/advisories/61076 http://secunia.com/advisories/61090 http://secunia.com/advisories/61108 http://www.debian.org/security/2014/dsa-3019 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 6.8EPSS: 3%CPEs: 4EXPL: 0

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order." Múltiples desbordamientos de buffer basado en memoria dinámica en la función status_handler en (1) engine-gpgsm.c y (2) engine-uiserver.c en GPGME anterior a 1.5.1 permiten a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores relacionados con 'longitudes de línea diferentes en un orden especifico.' • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git%3Ba=commit%3Bh=2cbd76f7911fc215845e89b50d6af5ff4a83dd77 http://seclists.org/oss-sec/2014/q3/266 http://www.debian.org/security/2014/dsa-3005 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.osvdb.org/109699 http://www.securityfocus.com/bid/68990 https://bugzilla.redhat.com/show_bug.cgi?id=1113267 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 3

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. El paquete eglibc versiones anteriores a la versión 2.14, manejó incorrectamente la función getaddrinfo(). Un atacante podría usar este problema para causar una denegación de servicio. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html http://www.openwall.com/lists/oss-security/2013/09/17/4 http://www.openwall.com/lists/oss-security/2013/09/17/8 http://www.openwall.com/lists/oss-security/2015/01/28/18 http://www.openwall.com/lists/oss-security/2015/01/29/21 http://www.openwall.com/lists/oss-security/2015/02/24/3 http://www.securityfocus.com/bid/67992 http://www.ubuntu.com/usn/USN-2306-1 http://www.u • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •