Page 83 of 441 results (0.013 seconds)

CVSS: 5.0EPSS: 1%CPEs: 18EXPL: 0

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Swing. An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html http://marc.info/?l=bugtraq&m=142496355704097&w=2 http://marc.info/?l=bugtraq&m=142607790919348&w=2 http://rhn.redhat.com/errata/RHSA-2015-0068.html http://rhn.redhat.com/errata/RHSA& •

CVSS: 6.8EPSS: 15%CPEs: 3EXPL: 0

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file. Doble vulnerabilidad de liberación en la función jas_iccattrval_destroy en JasPer 1.900.1 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) o la posibilidad de ejecutar código arbitrario a través del perfil de color ICC modificado en un archivo de imagen JPEG 2000 A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. • http://advisories.mageia.org/MGASA-2014-0539.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html http://rhn.redhat.com/errata/RHSA-2014-2021.html http://rhn.redhat.com/errata/RHSA-2015-0698.html http://rhn.redhat.com/errata/RHSA-2015-1713.html htt • CWE-416: Use After Free •

CVSS: 7.5EPSS: 23%CPEs: 3EXPL: 0

Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file. Desbordamiento de buffer basado en memoria dinámica en la función jp2_decode en JasPer 1.900.1 y anterior permite a atacantes remotos causar una denegación de servicio (caída) o la posibilidad de ejecutar código arbitrario a través de un archivo modificado JPEG 2000. A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. • http://advisories.mageia.org/MGASA-2014-0539.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html http://rhn.redhat.com/errata/RHSA-2014-2021.html http://rhn.redhat.com/errata/RHSA-2015-0698.html http://rhn.redhat.com/errata/RHSA-2015-1713.html htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 1

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address. La función extendida en fio.c en Heirloom mailx 12.5 y anteriores y BSD mailx 8.1.2 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través metacaracteres de shell en una dirección de correo electrónico. A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters (CVE-2004-2771) and the direct command execution functionality (CVE-2014-7844). • http://linux.oracle.com/errata/ELSA-2014-1999.html http://rhn.redhat.com/errata/RHSA-2014-1999.html http://seclists.org/oss-sec/2014/q4/1066 http://secunia.com/advisories/60940 http://secunia.com/advisories/61585 http://secunia.com/advisories/61693 http://www.debian.org/security/2014/dsa-3105 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748 https://access.redhat.com/security/cve/CVE-2004-2771 https://bugzilla.redhat.com/show_bug.cgi?id=1162783 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.0EPSS: 9%CPEs: 31EXPL: 1

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. El analizador REXML en Ruby 1.9.x anterior a 1.9.3-p550, 2.0.x anterior a 2.0.0-p594, y 2.1.x anterior a 2.1.4 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un documento XML manipulado, también conocido como un ataque de la expansión de entidad XML (XEE). • http://advisories.mageia.org/MGASA-2014-0443.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html http://rhn.redhat.com/errata/RHSA-2014-1911.html http://rhn.redhat.com/errata/RHSA-2014-1912.html http://rhn.redhat.com/errata/RHSA-2014-1913.html http://rhn.r • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •