Page 64 of 1071 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-10375

https://notcve.org/view.php?id=CVE-2014-10375

handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header. la función handle_messages en el archivo eXtl_tls.c en eXosip versiones anteriores a 5.0.0, maneja inapropiadamente un valor negativo en un encabezado content-length. • http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070 • CWE-189: Numeric Errors •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2019-14444

https://notcve.org/view.php?id=CVE-2019-14444

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. La función apply_relocations en el archivo readelf.c en Binutils de GNU versión 2.32, contiene un desbordamiento de enteros que permite a los atacantes desencadenar una violación de acceso de escritura (en la función byte_put_little_endian en el archivo elfcomm.c) por medio de un archivo ELF, como es demostrado por readelf. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html https://security.gentoo.org/glsa/202007-39 https://security.netapp.com/advisory/ntap-20190822-0002 https://sourceware.org/bugzilla/show_bug.cgi?id=24829 https://usn.ubuntu.com/4336-1 • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.3EPSS: 3%CPEs: 4EXPL: 0

CVE-2019-13638 – patch: OS shell command injection when processing crafted patch files

https://notcve.org/view.php?id=CVE-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. RouterOS de Mikrotik anterior a versión 6.44.5 (árbol de actualizaciones a largo plazo) es vulnerable al agotamiento de la memoria. Mediante el envío de una petición HTTP diseñada, un atacante remoto autenticado puede bloquear el servidor HTTP y, en algunas circunstancias, reiniciar el sistema. • http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html https://access.redhat.com/errata/RHSA-2019:2798 https://access.redhat.com/errata/RHSA-2019:2964 https://access.redhat.com/errata/RHSA-2019:3757 https://access.redhat.com/errata/RHSA-2019:3758 https://access.redhat.com/errata/RHSA-2019:4061 https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0 https://github.com/irsl/gnu-patch-vulnerabilities https://lists.fe • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

CVE-2019-1010180 – gdb: buffer overflow while opening an ELF for debugging leads to Dos, information dislosure and code execution

https://notcve.org/view.php?id=CVE-2019-1010180

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html http://www.securityfocus.com/bid/109367 https://security.gentoo.org/glsa/202003-31 https://sourceware.org/bugzilla/show_bug.cgi?id=23657 https://access.redhat.com/security/cve/CVE-2019-1010180 https& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2

CVE-2019-14250

https://notcve.org/view.php?id=CVE-2019-14250

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. Se ha descubierto una vulnerabilidad en GNU libiberty, tal y como se distribuye en GNU Binutils versión 2.32. simple_object_elf_match in simple-object-elf.c no comprueba un valor shstrndx de cero, lo que lleva a un desbordamiento de enteros y un desbordamiento de búfer basado en memoria dinámica. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html http://www.securityfocus.com/bid/109354 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924 https://gcc.gnu.org/ml/gcc • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •