Page 30 of 521 results (0.010 seconds)

CVSS: 5.0EPSS: 3%CPEs: 10EXPL: 0

CVE-2013-6438 – httpd: mod_dav denial of service via crafted DAV WRITE request

https://notcve.org/view.php?id=CVE-2013-6438

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. La función dav_xml_get_cdata en main/util.c en el módulo mod_dav en el Apache HTTP Server anterior a 2.4.8 no elimina debidamente caracteres de espacio en blanco de secciones CDATA, lo que permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de una solicitud DAV WRITE manipulada. • http://advisories.mageia.org/MGASA-2014-0135.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/58230 http://secunia.com/advisories/59315 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

CVE-2013-4496 – samba: Password lockout not enforced for SAMR password changes

https://notcve.org/view.php?id=CVE-2013-4496

Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts. Samba 3.x anterior a 3.6.23, 4.0.x anterior a 4.0.16 y 4.1.x anterior a 4.1.6 no fuerza el mecanismo de protección de adivinación de contraseña para todas las interfaces, lo que facilita a atacantes remotos obtener acceso a través de intentos de fuerza bruta de ChangePasswordUser2 (1) SAMR o (2) RAP. • http://advisories.mageia.org/MGASA-2014-0138.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html http://rhn. • CWE-255: Credentials Management Errors •

CVSS: 4.3EPSS: 95%CPEs: 13EXPL: 0

CVE-2014-2270 – file: out-of-bounds access in search rules with offsets from input file

https://notcve.org/view.php?id=CVE-2014-2270

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. softmagic.c en archivo anterior a 5.17 y libmagic permite a atacantes dependientes de contexto causar una denegación de servicio (acceso a memoria fuera de rango y caída) a través de desplazamientos (“offsets”) manipulados en el softmagic de un ejecutable PE. A denial of service flaw was found in the way the File Information (fileinfo) extension handled search rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. • http://bugs.gw.com/view.php?id=313 http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://seclists.org/oss-sec/2014/q1/473 http://seclists.org/oss-sec/2014/q1/504 http://seclists.org/oss-sec/2014/q1/505 http://support.apple.com/kb/HT6443 http://www.debian.or • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 4.4EPSS: 0%CPEs: 53EXPL: 0

CVE-2013-6476

https://notcve.org/view.php?id=CVE-2013-6476

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. La función OPVPWrapper::loadDriver en oprs/OPVPWrapper.cxx en el filtro pdftoopvp en CUPS y cups-filters anterior a 1.0.47 permite a usuarios locales ganar privilegios a través de un controlador caballo de troya en el mismo directorio que el archivo de PDF. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176 http://www.debian.org/security/2014/dsa-2875 http://www.debian.org/security/2014/dsa-2876 http://www.ubuntu.com/usn/USN-2143-1 http://www.ubuntu.com/usn/USN-2144-1 https://bugzilla.redhat.com/show_bug.cgi?id=1027551 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 11%CPEs: 53EXPL: 0

CVE-2013-6474

https://notcve.org/view.php?id=CVE-2013-6474

Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. Desbordamiento de buffer basado en memoria dinámica en el filtro pdftoopvp en CUPS y cups-filters anterior a 1.0.47 permite a atacantes remotos ejecutar código arbitrario a través de un archivo PDF manipulado. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176 http://www.debian.org/security/2014/dsa-2875 http://www.debian.org/security/2014/dsa-2876 http://www.securityfocus.com/bid/66163 http://www.ubuntu.com/usn/USN-2143-1 http://www.ubuntu.com/usn/USN-2144-1 https://bugzilla.redhat.com/show_bug.cgi?id=1027548 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •