Page 72 of 1994 results (0.013 seconds)

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 1

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de búfer basada en memoria dinámica (heap) en IMA_ADPCM_decode en audio/SDL_wave.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html https://bugzilla.libsdl.org/show_bug.cgi?id=4496 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html https:/& • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 2

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. libcurl, desde la versión 7.34.0 hasta antes de la 7.64.0, es vulnerable a una lectura de memoria dinámica (heap) fuera de límites en el código que maneja el final de la respuesta para SMTP. Si el búfer que se pasa a "smtp_endofresp()" no termina en NUL, no contiene caracteres que terminen el número analizado y "len" se establece como 5, la llamada "strtol()" lee más allá del búfer asignado. Los contenidos de la lectura no se devolverán al llamante. • http://www.securityfocus.com/bid/106950 https://access.redhat.com/errata/RHSA-2019:3701 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823 https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf https://curl.haxx.se/docs/CVE-2019-3823.html https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://security.gentoo.org/glsa/201903-03 https://security.netapp.com/advisory/ntap-20190315-0001 https://usn.ubuntu • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 4%CPEs: 16EXPL: 1

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. Libcurl, desde la versión 7.36.0 hasta antes de la 7.64.0, es vulnerable a una lectura de memoria dinámica (heap) fuera de límites. La función que gestiona los mensajes entrantes NTLM de tipo 2 ("lib/vauth/ntlm.c:ntlm_decode_type2_target") no valida los datos entrantes correctamente y está sujeta a una vulnerabilidad de desbordamiento de enteros. • https://github.com/michelleamesquita/CVE-2018-16890 http://www.securityfocus.com/bid/106947 https://access.redhat.com/errata/RHSA-2019:3701 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890 https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf https://curl.haxx.se/docs/CVE-2018-16890.html https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://security.netapp.com/advisory/ntap-20190315-0001 https://sup • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 19%CPEs: 23EXPL: 1

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. • http://www.securityfocus.com/bid/106950 https://access.redhat.com/errata/RHSA-2019:3701 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822 https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf https://curl.haxx.se/docs/CVE-2019-3822.html https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://security.gentoo.org/glsa/201903-03 https://security.netapp.com/advisory/ntap-20190315-0001 https://security.n • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < 65. Cuando se utiliza JavaScript para crear y manipular un búfer de audio, podría ocurrir un cierre inesperado explotable debido a una no coincidencia de un compartimento en algunas situaciones. Esta vulnerabilidad afecta a las versiones anteriores a la 65 de Firefox. • http://www.securityfocus.com/bid/106773 https://usn.ubuntu.com/3874-1 https://www.mozilla.org/security/advisories/mfsa2019-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •