Page 33 of 184 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-9435

https://notcve.org/view.php?id=CVE-2016-9435

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags. La función HTMLtagproc1 en file.c en w3m en versiones anteriores a 0.5.3+git20161009 no inicia valores adecuadamente, lo que permite a atacantes remotos bloquear la aplicación a través de un archivo html manipulado, relacionado con etiquetas <dd> . </dd> • http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html http://www.openwall.com/lists/oss-security/2016/11/18/3 http://www.securityfocus.com/bid/94407 https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd https://github.com/tats/w3m/issues/16 https://security.gentoo.org/glsa/201701-08 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-9427

https://notcve.org/view.php?id=CVE-2016-9427

Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation. Vulnerabilidad de desbordamiento de entero en bdwgc en versiones anteriores a 2016-09-27 permite a atacantes provocar al cliente la denegación de servicio de bdwgc (caída de desbordamiento de búfer en memoria dinámica) y posiblemente ejecutar código arbitrario a través de asignación enorme. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2016-12/msg00115.html http://www.openwall.com/lists/oss-security/2016/11/18/3 http://www.securityfocus.com/bid/94407 https://github.com/ivmai/bdwgc/issues/135 https://lists.debian.org/debian-lts-announce/2022/03/msg00039.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 2%CPEs: 3EXPL: 0

CVE-2016-9556

https://notcve.org/view.php?id=CVE-2016-9556

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. La función IsPixelGray en MagickCore/pixel-accessor.h en ImageMagick 7.0.3-8 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de un archivo de imagen manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00040.html http://www.debian.org/security/2016/dsa-3726 http://www.openwall.com/lists/oss-security/2016/11/23/1 http://www.openwall.com/lists/oss-security/2016/12/01/4 http://www.openwall.com/lists/oss-security/2016/12/02/12 http://www.securityfocus.com/bid/94492 https://blogs.gentoo.org/ago/2016/11/19/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h https://bugzilla.redhat.com/show_bug • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.6EPSS: 2%CPEs: 7EXPL: 0

CVE-2016-7797 – pacemaker: pacemaker remote nodes vulnerable to hijacking, resulting in a DoS attack

https://notcve.org/view.php?id=CVE-2016-7797

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. Pacemaker en versiones anteriores a 1.1.15, al usar el control remoto de marcapasos, podría permitir a atacantes remotos provocar una denegación de servicio (desconexión de nodo) a través de una conexión no autenticada. It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unauthenticated connection. A remote attacker could use this flaw to cause a denial of service. • http://bugs.clusterlabs.org/show_bug.cgi?id=5269 http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00001.html http://lists.opensuse.org/opensuse-updates/2016-12/msg00077.html http://rhn.redhat.com/errata/RHSA-2016-2578.html http://www.openwall.com/lists/oss-security/2016/10/01/1 http://www.securityfocus.com/bid/93261 https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410 htt • CWE-254: 7PK - Security Features •

CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 2

CVE-2016-4303

https://notcve.org/view.php?id=CVE-2016-4303

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. La función parse_string en cjson.c en la librería cJSON no maneja correctamente cadenas UTF8/16, lo que permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código arbitrario a través de un carácter no hexadecimal en una cadena JSON, lo que desencadena un desbordamiento de búfer basado en memoria dinámica. • http://blog.talosintel.com/2016/06/esnet-vulnerability.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00082.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00090.html http://software.es.net/iperf/news.html#security-issue-iperf-3-1-3-iperf-3-0-12-released http://www.talosintelligence.com/reports/TALOS-2016-0164 https://github.com/esnet/iperf/commit/91f2fa59e8ed80dfbf400add0164ee0e508e412a https://lists.debian.org/debian-lts-announce/2020/01/msg00023.html https://raw.github • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •