Page 32 of 341 results (0.008 seconds)

CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2013-0222 – coreutils: segfault in uniq with long line input

https://notcve.org/view.php?id=CVE-2013-0222

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function. SUSE coreutils-i18n.patch para GNU permite a atacantes dependientes del contexto provocar una denegación de servicio (caída y fallo de segmentación) a través de una cadena larga hacia el comando uniq, lo que desencadena en un desbordamiento de búfer basado en pila en la función alloca. • http://rhn.redhat.com/errata/RHSA-2013-1652.html https://bugzilla.novell.com/show_bug.cgi?id=796243 https://bugzilla.redhat.com/show_bug.cgi?id=903465 https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19 https://access.redhat.com/security/cve/CVE-2013-0222 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-665: Improper Initialization •

CVSS: 4.3EPSS: 2%CPEs: 3EXPL: 3

CVE-2013-0221 – GNU Coreutils 'sort' Text Utility - Local Buffer Overflow

https://notcve.org/view.php?id=CVE-2013-0221

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function. SUSE coreutils-i18n.patch para GNU coreutils permite a atacantes dependientes del contexto provocar una denegación de servicio (caída y fallo de segmentación) a través de una cadena larga hacia el comando sort, cuando se usa el switch (1) -d o (2) -M, lo que desencadena en un desbordamiento de búfer basado en pila en la función alloca. • https://www.exploit-db.com/exploits/38232 http://rhn.redhat.com/errata/RHSA-2013-1652.html https://bugzilla.novell.com/show_bug.cgi?id=798538 https://bugzilla.redhat.com/show_bug.cgi?id=903464 https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19 https://access.redhat.com/security/cve/CVE-2013-0221 • CWE-20: Improper Input Validation CWE-665: Improper Initialization •

CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 1

CVE-2013-0223 – coreutils: segfault in "join -i" with long line input

https://notcve.org/view.php?id=CVE-2013-0223

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function. SUSE coreutils-i18n.patch para GNU permite a atacantes dependientes del contexto provocar una denegación de servicio (caída y fallo de segmentación) a través de una cadena larga hacia el comando join, cuando se usa el switch -i, lo que desencadena en un desbordamiento de búfer basado en pila en la función alloca. • http://rhn.redhat.com/errata/RHSA-2013-1652.html https://bugzilla.novell.com/show_bug.cgi?id=798541 https://bugzilla.redhat.com/show_bug.cgi?id=903466 https://build.opensuse.org/request/show/149348#diff_headline_coreutils-i18n-patch_diff_action_0_submit_0_19 https://access.redhat.com/security/cve/CVE-2013-0223 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-665: Improper Initialization •

CVSS: 10.0EPSS: 32%CPEs: 30EXPL: 0

CVE-2013-2555 – Adobe Flash RTMP Parsing Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2013-2555

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013. Adobe Flash Player v11.6.602.171 en Windows permite a atacantes remotos ejecutar código arbitrario a través de vectores que aprovechan un "desbordamiento", como lo demuestra VUPEN durante un concurso Pwn2Own en CanSecWest 2013. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RTMP data. The issue lies in the ability to exchange objects, allowing for an object confusion vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2013-04/0197.html http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html http://marc.info/?l=bugtraq&m=139455789818399&w=2 http://rhn.redhat.com/errata/RHSA-2013-0730.html http://twitter.com/VUP • CWE-190: Integer Overflow or Wraparound •

CVSS: 2.9EPSS: 0%CPEs: 25EXPL: 0

CVE-2013-2481

https://notcve.org/view.php?id=CVE-2013-2481

Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. Error de entero sin signo en la función dissect_mount_dirpath_call en el disector Mount en Wireshark v1.6.x anterior a v1.6.14 y v1.8.x anterior a v1.8.6 cuando nfs_file_name_snooping está habilitado, permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un valor con longitud negativa. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mount.c?r1=47672&r2=47671&pathrev=47672 http://anonsvn.wireshark.org/viewvc?view=revision&revision=47672 http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html http://secunia.com/advisories/52471 http://www.debian.org/security/2013/dsa-2644 http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html http://www.wireshark.org/docs/relnotes/wireshark • CWE-189: Numeric Errors •