CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2016-9600 – jasper: JP2 encoder NULL pointer dereference due to uninitialized cmprof_
https://notcve.org/view.php?id=CVE-2016-9600
10 May 2017 — JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. JasPer, en versiones anteriores a la 2.0.10, es vulnerable a una desreferencia de puntero NULL, tal y como se descubrió en la creación descifrada de archivos de imagen JPEG 2000. Un archivo especialmente manipulado podría provocar el cierre inesperado de una aplicación que esté utilizando JasPer. It was... • https://access.redhat.com/errata/RHSA-2017:1208 • CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 50%CPEs: 17EXPL: 2CVE-2017-3068 – Adobe Flash - AVC Deblocking Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2017-3068
09 May 2017 — Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution. Flash Player versiones 25.0.0.148 y anteriores de Adobe, presenta una vulnerabilidad de corrupción de memoria explotable en el motor de Codificación de Vídeo Avanzada. La explotación con éxito podría conllevar a la ejecución de código arbitraria. The flash-plugin package contains a Mozilla Firefox compatibl... • https://packetstorm.news/files/id/142542 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 2%CPEs: 17EXPL: 0CVE-2017-3074 – flash-plugin: multiple code execution issues fixed in APSB17-15
https://notcve.org/view.php?id=CVE-2017-3074
09 May 2017 — Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution. Flash Player versiones 25.0.0.148 y anteriores de Adobe, presenta una vulnerabilidad de corrupción de memoria explotable en la clase Graphics. Una explotación con éxito podría conllevar a la ejecución de código arbitraria. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-... • http://www.securityfocus.com/bid/98349 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 2%CPEs: 17EXPL: 0CVE-2017-3069 – flash-plugin: multiple code execution issues fixed in APSB17-15
https://notcve.org/view.php?id=CVE-2017-3069
09 May 2017 — Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution. Flash Player versiones 25.0.0.148 y anteriores de Adobe, presenta una vulnerabilidad de corrupción de memoria explotable en la clase BlendMode. Una explotación con éxito podría conllevar a la ejecución de código arbitraria. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plu... • http://www.securityfocus.com/bid/98349 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 2%CPEs: 17EXPL: 0CVE-2017-3072 – flash-plugin: multiple code execution issues fixed in APSB17-15
https://notcve.org/view.php?id=CVE-2017-3072
09 May 2017 — Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. Flash Player versiones 25.0.0.148 y anteriores de Adobe, presenta una vulnerabilidad de corrupción de memoria explotable en la clase BitmapData. Una explotación con éxito podría conllevar a la ejecución de código arbitraria. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser p... • http://www.securityfocus.com/bid/98349 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 2%CPEs: 17EXPL: 0CVE-2017-3070 – flash-plugin: multiple code execution issues fixed in APSB17-15
https://notcve.org/view.php?id=CVE-2017-3070
09 May 2017 — Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution. Flash Player versiones 25.0.0.148 y anteriores de Adobe, presenta una vulnerabilidad de corrupción de memoria explotable en la clase ConvolutionFilter. Una explotación con éxito podría conllevar a la ejecución de código arbitraria. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player... • http://www.securityfocus.com/bid/98349 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 17EXPL: 0CVE-2017-3071 – flash-plugin: multiple code execution issues fixed in APSB17-15
https://notcve.org/view.php?id=CVE-2017-3071
09 May 2017 — Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution. Flash Player versiones 25.0.0.148 y anteriores de Adobe, presenta una vulnerabilidad de uso de la memoria previamente liberada explotable cuando se enmascaran objetos de visualización. Una explotación con éxito podría conllevar a la ejecución de código arbitraria. The flash-plugin package contains a Mozilla Firefox c... • http://www.securityfocus.com/bid/98347 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 17EXPL: 0CVE-2017-3073 – flash-plugin: multiple code execution issues fixed in APSB17-15
https://notcve.org/view.php?id=CVE-2017-3073
09 May 2017 — Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution. Flash Player versiones 25.0.0.148 y anteriores de Adobe, presenta una vulnerabilidad de uso de la memoria previamente liberada explotable al manejar varias propiedades de máscara de objetos de visualización, también se conoce como corrupción de memoria. Una explotac... • http://www.securityfocus.com/bid/98349 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2017-7980 – Qemu: display: cirrus: OOB r/w access issues in bitblt routines
https://notcve.org/view.php?id=CVE-2017-7980
02 May 2017 — Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. Desbordamiento de búfer basado en memoria dinámica (heap) en Cirrus CLGD 54xx VGA Emulator en Quick Emulator (Qemu) en versiones 2.8 y anteriores permite que los usuarios invitados del sistema operativo ejecuten código arbitrario o provoque... • http://ubuntu.com/usn/usn-3289-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 92%CPEs: 20EXPL: 5CVE-2017-8291 – Artifex Ghostscript Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2017-8291
27 Apr 2017 — Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. Artifex Ghostscript permite sobrepasar -dSAFER y la ejecución de comandos remotos a través de una vulnerabilidad de type confusion en .rsdparams con una subcadena "/ OutputFile (% pipe%" en un documento .eps que se utilice como entrada al gs. It was ... • https://www.exploit-db.com/exploits/41955 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •