CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2013-1987 – libXrender: Multiple integer overflows leading to heap-based bufer overflows
https://notcve.org/view.php?id=CVE-2013-1987
Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions. Múltiples desbordamientos de enteros en X.org libxrender v0.9.7 y anteriores permiten que los servidores X provoquen una asignación de memoria insuficiente y un desbordamiento de búfer a través de vectores relacionados con las funciones (1) XRender QueryFilters, (2) XRenderQueryFormats, y (3) XRenderQueryPictIndexValues??. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106862.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00141.html http://www.debian.org/security/2013/dsa-2677 http://www.openwall.com/lists/oss-security/2013/05/23/3 http://www.securityfocus.com/bid/60132 http://www.ubuntu.com/usn/USN-1863-1 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 https://access.redhat.com/security/cve/CVE-2013-1987 https://bugzilla.redhat.com/show& • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2013-2064 – libxcb: Integer overflow leading to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2013-2064
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. Desbordamiento de entero en X.org libxcb v1.9 y anteriores permite a los servidores X activar la asignación de memoria insuficiente y provocar un desbordamiento de búfer a través de vectores relacionados con la función read_packet. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html http://www.debian.org/security/2013/dsa-2686 http://www.openwall.com/lists/oss-security/2013/05/23/3 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/60148 http://www.ubuntu.com/usn/USN-1855-1 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 https://access. • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 5.1EPSS: 20%CPEs: 27EXPL: 0CVE-2013-1862 – httpd: mod_rewrite allows terminal escape sequences to be written to the log file
https://notcve.org/view.php?id=CVE-2013-1862
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. mod_rewrite.c en el modulo mod_rewrite en Apache HTTP Server v2.2.x anterior a v2.2.25 escribe datos en un archivo de log sin eliminar caracteres no imprimibles, lo que podría permitir a un atacante remotos ejecutar comandos arbitrarios a través de una petición HTTP que contiene una secuencia de escape para un emulador de terminal. • http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch http://rhn.redhat.com/errata/RHSA-2013-0815.html http://rhn.redhat.com/errata/RHSA-2013-1207.html http://rhn.redhat.com/errata/RHSA-2013-1208.html http://rhn.redhat.com/errata/RHSA-2013-1209.html http://secunia. •
CVSS: 5.0EPSS: 13%CPEs: 60EXPL: 0CVE-2013-2020
https://notcve.org/view.php?id=CVE-2013-2020
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read. Desbordamiento de entero en la función cli_scanpe en pe.c en ClamAV anterior a v0.97.8 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un desplazamiento mayor que el tamaño de las secciones PE en un paquete ejecutable UPX, que dispara un error de salida de rango en la lectura. • http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html http://lists.fedoraproject.org/pipermail/package-announce&# • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 7%CPEs: 14EXPL: 0CVE-2013-2021
https://notcve.org/view.php?id=CVE-2013-2021
pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. pdf.c en ClamAV v0.97.1 hasta v0.97.7 ermite a atacantes remotos provocar una denegación de servicio (lectura fuera de limite) a través de la modificación de longitud en un fichero PDF cifrado. • http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html http://lists.fedoraproject.org/pipermail/package-announce&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •