Page 5 of 128 results (0.009 seconds)

CVSS: 5.5EPSS: 1%CPEs: 15EXPL: 0

CVE-2014-9853

https://notcve.org/view.php?id=CVE-2014-9853

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. Fuga de memoria en los coders/rle.c de ImageMagick permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un archivo rle manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-399: Resource Management Errors •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2017-5898 – Qemu: usb: integer overflow in emulated_apdu_from_guest

https://notcve.org/view.php?id=CVE-2017-5898

Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit. Desbordamiento de entero en la función emulated_apdu_from_guest en usb/dev-smartcard-reader.c en Quick Emulator (Qemu), cuando se construye con el soporte de emulador de dispositivo de CCID Card, permite a usuarios locales provocar una denegación de servicio (caída de aplicación) a través de una unidad Unidad de datos de protocolo (APDU) grande. An integer overflow flaw was found in Quick Emulator (QEMU) in the CCID Card device support. The flaw could occur while passing messages via command/response packets to and from the host. A privileged user inside a guest could use this flaw to crash the QEMU process. • http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6a http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html http://www.openwall.com/lists/oss-security/2017/02/07/3 http://www.securityfocus.com/bid/96112 https://access.redhat.com/errata/RHSA-2017:1856 https://access.redhat.com/errata/RHSA-2017:2392 https://bugzilla.redhat.com/show_bug.cgi?id=1419699 htt • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.6EPSS: 2%CPEs: 7EXPL: 0

CVE-2016-7797 – pacemaker: pacemaker remote nodes vulnerable to hijacking, resulting in a DoS attack

https://notcve.org/view.php?id=CVE-2016-7797

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. Pacemaker en versiones anteriores a 1.1.15, al usar el control remoto de marcapasos, podría permitir a atacantes remotos provocar una denegación de servicio (desconexión de nodo) a través de una conexión no autenticada. It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unauthenticated connection. A remote attacker could use this flaw to cause a denial of service. • http://bugs.clusterlabs.org/show_bug.cgi?id=5269 http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00001.html http://lists.opensuse.org/opensuse-updates/2016-12/msg00077.html http://rhn.redhat.com/errata/RHSA-2016-2578.html http://www.openwall.com/lists/oss-security/2016/10/01/1 http://www.securityfocus.com/bid/93261 https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410 htt • CWE-254: 7PK - Security Features •

CVSS: 5.5EPSS: 1%CPEs: 4EXPL: 1

CVE-2015-8929

https://notcve.org/view.php?id=CVE-2015-8929

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. Fuga de memoria en la función __archive_read_get_extract en archive_read_extract2.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio a través de un archivo tar manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html http://www.openwall.com/lists/oss-security/2016/06/17/2 http://www.openwall.com/lists/oss-security/2016/06/17/5 http://www.securityfocus.com/bid/91340 https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html https://github.com/libarchive/libarchive/issues/517 https://security.gentoo.org/glsa/201701-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1

CVE-2015-8934 – libarchive: out of bounds heap read in RAR parser

https://notcve.org/view.php?id=CVE-2015-8934

The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file. La función copy_from_lzss_window en archive_read_support_format_rar.c en libarchive 3.2.0 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de rango) a través de un archivo rar manipulado. A vulnerability was found in libarchive. A specially crafted RAR file could cause the application to read memory beyond the end of the decompression buffer. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html http://rhn.redhat.com/errata/RHSA-2016-1844.html http://www.debian.org/security/2016/dsa-3657 http://www.openwall.com/lists/oss-security/2016/06/17/2 http://www.openwall.com/lists/oss-security/2016/06/17/5 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91409 htt • CWE-125: Out-of-bounds Read •