Page 23 of 429 results (0.014 seconds)

CVSS: 7.5EPSS: 2%CPEs: 26EXPL: 0

Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Múltiples desbordamientos de enteros en las funciones (1) fs_get_reply, (2) fs_alloc_glyphs y (3) fs_read_extent_info en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 permiten a servidores remotos de fuentes ejecutar código arbitrario a través de una respuesta xfs manipulada, lo que provoca un desbordamiento de buffer. Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. • http://advisories.mageia.org/MGASA-2014-0278.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html http://lists.x.org/archives/xorg-announce/2014-May/002431.html http://rhn.redhat.com/errata/RHSA-2014-1893.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59154 http://www.debian.org/security/2014/dsa-2927 http://www.mandriva.com/security/advisories?name=MDVSA-2015:145 http://www.oracle.com/technetwork/topics/security/cpujul2014-1 • CWE-189: Numeric Errors CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 2%CPEs: 26EXPL: 0

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. Múltiples desbordamientos de buffer en X.Org libXfont anterior a 1.4.8 y 1.4.9x anterior a 1.4.99.901 permiten a servidores remotos de fuentes ejecutar código arbitrario a través de una respuesta de protocolo xfs manipulada hacia la función (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list o (7) fs_read_list_info. Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. • http://advisories.mageia.org/MGASA-2014-0278.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html http://lists.x.org/archives/xorg-announce/2014-May/002431.html http://rhn.redhat.com/errata/RHSA-2014-1893.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59154 http://www.debian.org/security/2014/dsa-2927 http://www.mandriva.com/security/advisories?name=MDVSA-2015:145 http://www.oracle.com/technetwork/topics/security/cpujul2014-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 1

The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. Las implementaciones de extensión (1) BPF_S_ANC_NLATTR y (2) BPF_S_ANC_NLATTR_NEST en la función sk_run_filter en net/core/filter.c en el kernel de Linux hasta 3.14.3 no comprueban si un valor de cierta longitud es lo suficientemente grande, lo que permite a usuarios locales causar una denegación de servicio (subdesbordamiento de enteros y caída de sistema) a través de instrucciones BPF manipuladas. NOTA: el código afectado fue trasladado a las funciones __skb_get_nlattr y __skb_get_nlattr_nest antes de anunciar la vulnerabilidad. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3 http://linux.oracle.com/errata/ELSA-2014-3052.html http://secunia.com/advisories/58990 http://secunia.com/advisories/59311 http://secunia.com/advisories/59597 http://secunia.com/advisories/60613 http://www.debian.org/security/2014/dsa-2949 http://www.openwall.com/lists/oss-security/2014/05/09/6 http://www.securityfocus.com/bid/67309 http://www.ubuntu. • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 1

The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. La implementación de extensión BPF_S_ANC_NLATTR_NEST en la función sk_run_filter en net/core/filter.c en el kernel de Linux hasta 3.14.3 utiliza el orden inverso en cierta resta, lo que permite a usuarios locales causar una denegación de servicio (sobrelectura y caída de sistema) a través de instrucciones BPF manipuladas. NOTA: el código afectado fue trasladado a la función __skb_get_nlattr_nest antes de anunciar la vulnerabilidad. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=05ab8f2647e4221cbdb3856dd7d32bd5407316b3 http://linux.oracle.com/errata/ELSA-2014-3052.html http://secunia.com/advisories/58990 http://secunia.com/advisories/59311 http://secunia.com/advisories/59597 http://secunia.com/advisories/60613 http://www.debian.org/security/2014/dsa-2949 http://www.openwall.com/lists/oss-security/2014/05/09/6 http://www.securityfocus.com/bid/67321 http://www.securitytra • CWE-125: Out-of-bounds Read •

CVSS: 6.9EPSS: 1%CPEs: 49EXPL: 6

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. La función n_tty_write en drivers/tty/n_tty.c en el kernel de Linux hasta 3.14.3 no maneja debidamente acceso al controlador tty en el caso 'LECHO & !OPOST', lo que permite a usuarios locales causar una denegación de servicio (consumo de memoria y caída de sistema) o ganar privilegios mediante la provocación de una condición de carrera involucrando operaciones de lectura y escritura con cadenas largas. Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings. • https://www.exploit-db.com/exploits/33516 https://github.com/tempbottle/CVE-2014-0196 https://github.com/SunRain/CVE-2014-0196 http://bugzilla.novell.com/show_bug.cgi?id=875690 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00 http://linux.oracle.com/errata/ELSA-2014-0771.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg0001 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •