Page 20 of 429 results (0.008 seconds)

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 1

iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. iconvdata/ibm930.c en GNU C Library (también conocido como glibc) anterior a 2.16 permite a atacantes dependientes de contexto causar una denegación de servicio (lectura fuera de rango) a través de un valor de caracteres de multibytes de '0xffff' en la función iconv cuando convierte datos codificados de IBM930 a UTF-8. • http://www.debian.org/security/2015/dsa-3142 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 http://www.openwall.com/lists/oss-security/2014/08/29/3 http://www.openwall.com/lists/oss-security/2014/09/02/1 http://www.securityfocus.com/bid/69472 http://www.ubuntu.com/usn/USN-2432-1 https://security.gentoo.org/glsa/201503-04 https://sourceware.org/bugzilla/show_bug.cgi?id=14134 https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=6e230d1183 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 10%CPEs: 4EXPL: 1

Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes." Desbordamiento de buffer basado en memoria dinámica en formisc.c en formail en procmail 3.22 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de una cabecera de email manipulada, relacionado con 'comillas inestables.' A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail. • http://linux.oracle.com/errata/ELSA-2014-1172.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00022.html http://rhn.redhat.com/errata/RHSA-2014-1172.html http://secunia.com/advisories/61076 http://secunia.com/advisories/61090 http://secunia.com/advisories/61108 http://www.debian.org/security/2014/dsa-3019 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 6.8EPSS: 3%CPEs: 4EXPL: 0

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order." Múltiples desbordamientos de buffer basado en memoria dinámica en la función status_handler en (1) engine-gpgsm.c y (2) engine-uiserver.c en GPGME anterior a 1.5.1 permiten a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores relacionados con 'longitudes de línea diferentes en un orden especifico.' • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git%3Ba=commit%3Bh=2cbd76f7911fc215845e89b50d6af5ff4a83dd77 http://seclists.org/oss-sec/2014/q3/266 http://www.debian.org/security/2014/dsa-3005 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.osvdb.org/109699 http://www.securityfocus.com/bid/68990 https://bugzilla.redhat.com/show_bug.cgi?id=1113267 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 3

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. El paquete eglibc versiones anteriores a la versión 2.14, manejó incorrectamente la función getaddrinfo(). Un atacante podría usar este problema para causar una denegación de servicio. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html http://www.openwall.com/lists/oss-security/2013/09/17/4 http://www.openwall.com/lists/oss-security/2013/09/17/8 http://www.openwall.com/lists/oss-security/2015/01/28/18 http://www.openwall.com/lists/oss-security/2015/01/29/21 http://www.openwall.com/lists/oss-security/2015/02/24/3 http://www.securityfocus.com/bid/67992 http://www.ubuntu.com/usn/USN-2306-1 http://www.u • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. CUPS anterior a 2.0 permite a usuarios locales leer ficheros arbitrarios a través de un ataque de enlace simbólico sobre (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc o (6) index.py. It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system. • http://advisories.mageia.org/MGASA-2014-0313.html http://rhn.redhat.com/errata/RHSA-2014-1388.html http://secunia.com/advisories/60509 http://secunia.com/advisories/60787 http://www.debian.org/security/2014/dsa-2990 http://www.mandriva.com/security/advisories?name=MDVSA-2015:108 http://www.openwall.com/lists/oss-security/2014/07/22/13 http://www.openwall.com/lists/oss-security/2014/07/22/2 http://www.ubuntu.com/usn/USN-2341-1 https://cups.org/str.php • CWE-59: Improper Link Resolution Before File Access ('Link Following') •