Page 23 of 208 results (0.016 seconds)

CVSS: 7.5EPSS: 4%CPEs: 21EXPL: 0

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. Múltiples desbordamientos de entero en FreeType v2.3.9 y anteriores permiten a atacantes remotos ejecutar código de su elección mediante vectores relacionados con valores grandes en ciertas entradas en (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, y (3) cff/cffload.c. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg • CWE-190: Integer Overflow or Wraparound •

CVSS: 2.1EPSS: 0%CPEs: 18EXPL: 0

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. Desbordamiento de búfer en la función util_path_encode en udev/lib/libudev-util.c en udev antes de v1.4.1 permite a usuarios locales provocar una denegación de servicio (parada del servicio) mediante vectores que disparan una llamada con argumentos manipulados. • http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=662c3110803bd8c1aedacc36788e6fd028944314 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html http://secunia.com/advisories/34731 http://secunia.com/advisories/34750 http://secunia.com/advisories/34753 http://secunia.com/advisories/34771 http://secunia.com/advisories/34776 http://secunia.com/advisories/34785 http://secunia.com/advisories/34787 http://secunia.com/advisories/34801 http://slackware.com/sec • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 3

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. udev antes de v1.4.1 no verifica si un mensaje NETLINK es generado desde el espacio del kernel, lo que permite a usuarios locales obtener privilegios mediante el envio de un mensaje NETLIINK desde el espacio de usuario. Versions of udev < 1.4.1 do not verify that netlink messages are coming from the kernel. This allows local users to gain privileges by sending netlink messages from userland. • https://www.exploit-db.com/exploits/8478 https://www.exploit-db.com/exploits/8572 https://www.exploit-db.com/exploits/21848 http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e2b362d9f23d4c63018709ab5f81a02f72b91e75 http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e86a923d508c2aed371cdd958ce82489cf2ab615 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-secu • CWE-346: Origin Validation Error CWE-862: Missing Authorization •

CVSS: 10.0EPSS: 64%CPEs: 18EXPL: 0

The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. La función asn1_decode_generaltime en lib/krb5/asn.1/asn1_decode.c en el decodificador ASN.1 GeneralizedTime en MIT Kerberos 5 (también conocido como Krb5) anteriores a v1.6.4, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecución de código de su elección a través de vectores que implican una codificación DER inválida, que provocará una liberación del puntero no inicializado. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.vmware.com/pipermail/security-announce/2009/000059.html http://marc.info/?l=bugtraq&m=124896429301168&w=2 http://marc.info/?l=bugtraq&m=130497213107107&w=2 http://rhn.redhat.com/errata/RHSA-2009-0409.html http://rhn.redhat.com/errata/RHSA-2009-0410.html http://secunia.com/advisories/34594 http://secunia.com/advisories/34598 http://secunia.com/advisories/34617 http://secunia.com/adv • CWE-416: Use After Free CWE-824: Access of Uninitialized Pointer •

CVSS: 4.9EPSS: 0%CPEs: 10EXPL: 0

The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform. La función vmx_set_msr en arch/x86/kvm/vmx.c en la implementación VMX en el subsistema KVM en el kernel de Linux anteriores a v2.6.29.1 en la plataforma i386 permite a los usuarios invitados del SO causar una denegación de servicio (OOPS) estableciendo el bit EFER_LME (también conocido como "modo largo habilitado") en la Extended Feature Enable Register (EFER) registro específico de modelo, lo que es específico para la plataforma x86_64. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16175a796d061833aacfbd9672235f2d2725df65 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00002.html http://openwall.com/lists/oss-security/2009/04/01/3 http://patchwork.kernel.org/patch/15549 http://secunia.com/advisories/34478 http://secunia.com/advisories/34981 http://secunia.com/advisories/35120 http://secunia.com • CWE-20: Improper Input Validation •