CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-9211
https://notcve.org/view.php?id=CVE-2019-9211
27 Feb 2019 — There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. Hay un aborto de aserción alcanzable en la función write_long_string_missing_values() en data/sys-file-writer.c en libdata.a en la versión 1.2.0 de GNU PSPP que conducirá a una denegación de servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00068.html • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 253EXPL: 0CVE-2016-1238 – Gentoo Linux Security Advisory 201812-07
https://notcve.org/view.php?id=CVE-2016-1238
25 Jul 2016 — (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Modul... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 2CVE-2012-2095 – WICD 1.7.1 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-2095
07 Apr 2014 — The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message. La función SetWiredProperty en la interfaz D-Bus en WICD anterior a 1.7.2 permite a usuarios locales escribir ajustes de configuración arbitrarios y ganar privilegios a través de un nombre de propiedad manipulado en un mensaje dbus. • https://www.exploit-db.com/exploits/18733 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2011-4930 – Condor: Multiple format string flaws
https://notcve.org/view.php?id=CVE-2011-4930
10 Feb 2014 — Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors. Múltiples vulnerabilidades de cade... • http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0001.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-1568 – kernel: execshield: predictable ascii armour base address
https://notcve.org/view.php?id=CVE-2012-1568
01 Mar 2013 — The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a 32-bit executable file, which makes it easier for context-dependent attackers to bypass the ASLR protection mechanism by leveraging a predictable base address for one of these libraries. La característica en algunos parches para el kernel de Red Hat en las versiones Enterprise Linux (RHEL) 5 y 6 y fedora 15 y 16, no ... • http://openwall.com/lists/oss-security/2012/03/21/3 •
CVSS: 9.8EPSS: 2%CPEs: 14EXPL: 0CVE-2012-1149 – libreoffice: Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations
https://notcve.org/view.php?id=CVE-2012-1149
21 Jun 2012 — Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. Un desbordamiento de entero en el módulo de vclmi.dll en OpenOffice.org (OOo) v3.3, v3.4 Beta, y posiblemente en versiones anteriores, y Libr... • http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2012-1988 – puppet: Filebucket arbitrary code execution
https://notcve.org/view.php?id=CVE-2012-1988
29 May 2012 — Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. Puppet v2.6.x anterior a v2.6.15 y v2.7.x anterior a v2.7.13, y Puppet Enterprise (PE) Users v1.0, v1.1, v1.2.x, v2.0.x, y v2.5.x anterio... • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0CVE-2012-2089
https://notcve.org/view.php?id=CVE-2012-2089
17 Apr 2012 — Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. Un desbordamiento de búfer en ngx_http_mp4_module.c en el módulo de ngx_http_mp4_module en nginx v1.0.7 a v1.0.14 y en v1.1.3 a v1.1.18, cuando se usa la directiva mp4, permite a atacantes remotos causar una denegación... • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079388.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2012-1180
https://notcve.org/view.php?id=CVE-2012-1180
17 Apr 2012 — Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. Una vulnerabilidad de uso después de liberación en nginx v1.0.14 y v1.1.x antes de v1.1.17 permite obtener información sensible de la memoria del proceso a servidores remotos de HTTP a través de una respuesta del backend modificada, junto con una petición de cliente. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 7%CPEs: 18EXPL: 0CVE-2011-3045 – libpng: buffer overflow in png_inflate caused by invalid type conversions
https://notcve.org/view.php?id=CVE-2011-3045
22 Mar 2012 — Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026. El error de signo de entero en pngrutil.c en libpng antes v1.4.10beta01, tal y como se utiliza en Google Chrome antes de v17.0.963.83 y otros productos, permite a atacantes... • http://code.google.com/p/chromium/issues/detail?id=116162 • CWE-190: Integer Overflow or Wraparound •