Page 99 of 732 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1

CVE-2019-1010305 – libmspack: buffer overflow in function chmd_read_headers()

https://notcve.org/view.php?id=CVE-2019-1010305

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. libmspack versión 0.9.1alpha se ve afectado por: Desbordamiento de búfer. • https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d https://github.com/kyz/libmspack/issues/27 https://lists.debian.org/debian-lts-announce/2019/08/msg00028.html https://lists.debian.org/debian-lts-announce/2021/10/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXWNEY4CJBLPRKV6LG7FQUPD6WVZYBTB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2QJTUAGP22YY7453MHGTFN4YQE5HJBR https://usn.ubuntu.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2019-1010315 – wavpack: Divide by zero in ParseDsdiffHeaderConfig leads to crash

https://notcve.org/view.php?id=CVE-2019-1010315

WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc. • https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc https://github.com/dbry/WavPack/issues/65 https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH https://usn.ubuntu.com/4062-1 https://access.redhat.com/security/cve/CVE-2019-1010315 https • CWE-369: Divide By Zero •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2019-1010317 – wavpack: Use of uninitialized variable in ParseCaffHeaderConfig leads to DoS

https://notcve.org/view.php?id=CVE-2019-1010317

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b. • https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b https://github.com/dbry/WavPack/issues/66 https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX3J2JML5A7KC2B • CWE-457: Use of Uninitialized Variable CWE-665: Improper Initialization CWE-908: Use of Uninitialized Resource •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2019-1010319 – wavpack: Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS

https://notcve.org/view.php?id=CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe. • https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe https://github.com/dbry/WavPack/issues/68 https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX3J2JML5A7KC2B • CWE-369: Divide By Zero CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •

CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0

CVE-2019-12838

https://notcve.org/view.php?id=CVE-2019-12838

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. Slurm versiones 17.11.x, versiones 18.08.0 hasta 18.08.7, y versión 19.05.0 de SchedMD, permite la inyección SQL. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html https://lists.debian.org/debian-lts-announce/2020/03/msg00016.html https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2O47F72FWMYLEGF35QGNYY5VS33SUQS5 https://lists.fedoraproject.org • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •