Page 79 of 680 results (0.007 seconds)

CVSS: 5.0EPSS: 2%CPEs: 4EXPL: 0

CVE-2015-1546

https://notcve.org/view.php?id=CVE-2015-1546

Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. Vulnerabilidad de liberación doble en la función get_vrFilter en servers/slapd/filter.c en OpenLDAP 2.4.40 permite a atacantes remotos causar una denegación de servicio (caída) a través de una consulta de búsqueda manipulada con control de valores coincidentes. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html http://secunia.com/advisories/62787 http://www.mandriva.com/security/advisories?name=MDVSA-2015:073 http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=2f1a2dd329b91afe561cd06b872d09630d4edb6a http://www.openldap.org/its/?findid=8046 http://www.openwall.com/lists/oss-security/2015/02/07/3 https://bugs.debian.org/cgi-bin/bugreport.cgi •

CVSS: 6.4EPSS: 6%CPEs: 4EXPL: 0

CVE-2015-0255 – xorg-x11-server: information leak in the XkbSetGeometry request of X servers

https://notcve.org/view.php?id=CVE-2015-0255

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. X.Org Server (también conocido como xserver y xorg-server) anterior a 1.16.3 y 1.17.x anterior a 1.17.1 permite a atacantes remotos obtener información sensible de la memoria de procesos o causar una denegación de servicio (caída) a través de un valor de longitud de cadena manipulado en una solicitud XkbSetGeometry. A buffer overflow flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request. • http://advisories.mageia.org/MGASA-2015-0073.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00085.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00086.html http://rhn.redhat.com/errata/RHSA-2015-0797.html http://www.debian.org/security/2015/dsa-3160 http://www.mandriva.com/security/advisories?name=MDVSA-2015:119 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html ht • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 2%CPEs: 24EXPL: 1

CVE-2014-9666

https://notcve.org/view.php?id=CVE-2014-9666

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. La función tt_sbit_decoder_init en sfnt/ttsbit.c en FreeType anterior a 2.5.4 proceda con una asociación de contar a tamaño (count-to-size) sin restringir el valor de la cuenta, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de enteros y lectura fuera de rango o posiblemente tener otro impacto a través de un bitmap embebido manipulado. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=167 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://www.debian.org/security/2015/dsa-3188 http • CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 1%CPEs: 24EXPL: 1

CVE-2014-9669 – freetype: multiple integer overflows leading to buffer over-reads in cmap handling

https://notcve.org/view.php?id=CVE-2014-9669

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. Múltiples desbordamientos de enteros en sfnt/ttcmap.c en FreeType anterior a 2.5.4 permiten a atacantes remotos causar una denegación de servicio (lectura fuera de rango o corrupción de memoria) o posiblemente tener otro impacto no especificado a través de una tabla SFNT cmap manipulada. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=163 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://rhn.redhat.com/errata/RHSA-2015-0696.html • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 2%CPEs: 24EXPL: 1

CVE-2014-9660 – freetype: missing ENDCHAR NULL pointer dereference in the _bdf_parse_glyphs()

https://notcve.org/view.php?id=CVE-2014-9660

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. La función _bdf_parse_glyphs en bdf/bdflib.c en FreeType anterior a 2.5.4 no maneja correctamente un registro ENDCHAR perdido, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) o posiblemente tener otro impacto no especificado a través de una fuente BDF manipulada. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=188 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://rhn.redhat.com/errata/RHSA-2015-0696.html • CWE-476: NULL Pointer Dereference •