Page 51 of 273 results (0.013 seconds)

CVSS: 3.5EPSS: 0%CPEs: 30EXPL: 0

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy. La función krb5_ldap_get_password_policy_from_dn en plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c en MIT Kerberos 5 (también conocido como krb5) anterior a 1.13.1, cuando el KDC utiliza LDAP, permite a usuarios remotos autenticados causar una denegación de servicio (caída del demonio) a través de una consulta LDAP con éxito pero sin resultados, tal y como fue demostrado mediante el uso de un tipo de objeto incorrecto para una política de contraseñas. If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. • http://advisories.mageia.org/MGASA-2014-0536.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html http://rhn.redhat.com/errata/RHSA-2015-0439.html http://rhn.redhat.com/errata/RHSA-2015-0794.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:009 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71679 http://www.sec • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. BSD mailx versión 8.1.2 y anteriores, permiten a atacantes remotos ejecutar comandos arbitrarios por medio de una dirección de correo electrónico diseñada. A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters (CVE-2004-2771) and the direct command execution functionality (CVE-2014-7844). • http://linux.oracle.com/errata/ELSA-2014-1999.html http://rhn.redhat.com/errata/RHSA-2014-1999.html http://seclists.org/oss-sec/2014/q4/1066 http://www.debian.org/security/2014/dsa-3104 http://www.debian.org/security/2014/dsa-3105 https://access.redhat.com/security/cve/CVE-2014-7844 https://bugzilla.redhat.com/show_bug.cgi?id=1162783 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.0EPSS: 2%CPEs: 23EXPL: 0

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. Desbordamiento de buffer basado en memoria dinámica en PCRE 8.36 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) o tener otro impacto no especificado a través de una expresión regular manipulada, relacionado con una aserción que permite cero repeticiones. A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application (for example, Konqueror) linked against PCRE to crash while parsing malicious regular expressions. • http://advisories.mageia.org/MGASA-2014-0534.html http://bugs.exim.org/show_bug.cgi?id=1546 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html http://rhn.redhat • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 7%CPEs: 15EXPL: 0

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data. La función host_from_stream_offset en arch_init.c en QEMU, cuando carga RAM durante la migración, permite a atacantes remotos ejecutar código arbitrario a través de un valor (1) offset o (2) length manipulado en datos savevm. It was found that certain values that were read when loading RAM during migration were not validated. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08 http://rhn.redhat.com/errata/RHSA-2015-0349.html http://rhn.redhat.com/errata/RHSA-2015-0624.html http://thread.gmane.org/gmane.comp.emulators.qemu/306117 https://bugzilla.redhat.com/show_bug.cgi?id=1163075 https://exchange.xforce.ibmcloud.com/vulnerabilities/99194 https://access.redhat.com/security/cve/CVE-2014-7840 • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow •

CVSS: 5.2EPSS: 74%CPEs: 22EXPL: 0

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. La función set_pixel_format en ui/vnc.c en QEMU permite a atacantes remotos causar una denegación de servicio (caída) a través de valores pequeños de bytes_per_pixel. An uninitialized data structure use flaw was found in the way the set_pixel_format() function sanitized the value of bits_per_pixel. An attacker able to access a guest's VNC console could use this flaw to crash the guest. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1c0f6829 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html http://rhn.redhat.com/errata/RHSA-2015-0349.html http://rhn.redhat.com/errata/RHSA-2015-0624.html http://secunia.com/advisories/61484 http://secunia.com/advisories/62143 http://secunia.com/advisories/62144 http://support.citrix.com/article/CTX200892 http://www.debian.org/security/2014/dsa-3066 http://www.debian.org/secu • CWE-20: Improper Input Validation •