Page 38 of 189 results (0.018 seconds)

CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 1

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. mapping0_forward en mapping0.c en Xiph.Org libvorbis 1.3.6 no valida el número de canales, lo que permite que atacantes remotos provoquen una denegación de servicio (desbordamiento o sobrelectura de búfer basada en memoria dinámica o heap) o provocar cualquier otro tipo de problema mediante un archivo manipulado. A heap-based buffer overflow was found in the encoder functionality of the libvorbis library. An attacker could create a malicious file to cause a denial of service, crashing the application containing the library. • https://access.redhat.com/errata/RHSA-2019:3703 https://gitlab.xiph.org/xiph/vorbis/issues/2335 https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html https://security.gentoo.org/glsa/202003-36 https://access.redhat.com/security/cve/CVE-2018-10392 https://bugzilla.redhat.com/show_bug.cgi?id=1574193 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. bark_noise_hybridmp en psy.c en Xiph.Org libvorbis 1.3.6 tiene una sobrelectura de búfer basada en pila. A stack-based buffer overflow was found in the encoder functionality of the libvorbis library. An attacker could create a malicious file to cause a denial of service, crashing the application containing the library. • https://access.redhat.com/errata/RHSA-2019:3703 https://gitlab.xiph.org/xiph/vorbis/issues/2334 https://lists.debian.org/debian-lts-announce/2019/11/msg00031.html https://lists.debian.org/debian-lts-announce/2021/11/msg00023.html https://security.gentoo.org/glsa/202003-36 https://access.redhat.com/security/cve/CVE-2018-10393 https://bugzilla.redhat.com/show_bug.cgi?id=1574194 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 87%CPEs: 174EXPL: 1

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se deserializa, puede ejecutar código arbitrario. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. • https://github.com/pimps/CVE-2017-5645 http://www.openwall.com/lists/oss-security/2019/12/19/2 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/97702 http://www.securitytracker.com/id/1040200 http://www.securit • CWE-502: Deserialization of Untrusted Data •

CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. PostgreSQL v8.4.x antes de v8.4.11, v9.0.x antes de v9.0.7, y v9.1.x antes de v9.1.3 trunca el nombre común a sólo 32 caracteres en la verificación de los certificados SSL, lo que permite a atacantes remotos falsificar conexiones cuando el nombre de host es exactamente de 32 caracteres. • http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html http://rhn.redhat.com/errata/RHSA-2012-0678.html http://secunia.com/advisories/49273 http://www.debian.org/security/2012/dsa-2418 http://www.mandriva.com/security/advisories?name=MDVSA-2012:026 http://www.postgresql.org/about/news/1377 http://www.postgresql.org/docs/8.4/static/release-8-4-11.html http://www.postgresql.org/docs/9.0/static/release-9-0-7.html http://www.postgresql.org/docs/9.1&#x • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •