CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 1CVE-2016-9960 – Gentoo Linux Security Advisory 201707-02
https://notcve.org/view.php?id=CVE-2016-9960
06 Jun 2017 — game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). game-music-emu anterior a versión 0.6.1 permite a los usuarios locales causar una denegación de servicio (dividir por cero y bloqueo del proceso). Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html • CWE-369: Divide By Zero •
CVSS: 10.0EPSS: 2%CPEs: 12EXPL: 1CVE-2016-9961 – Gentoo Linux Security Advisory 201707-02
https://notcve.org/view.php?id=CVE-2016-9961
06 Jun 2017 — game-music-emu before 0.6.1 mishandles unspecified integer values. game-music-emu anterior a versión 0.6.1 maneja inapropiadamente los valores de enteros no especificados. Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html • CWE-189: Numeric Errors •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2015-5203 – jasper: integer overflow in jas_image_cmpt_create()
https://notcve.org/view.php?id=CVE-2015-5203
10 May 2017 — Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. Una vulnerabilidad de liberación doble (double free) en la función jasper_image_stop_load en JasPer 1.900.17 permite que atacantes remotos provoquen una denegación de servicio utilizando un archivo de imagen JPEG 2000 manipulado. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user ... • http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html • CWE-190: Integer Overflow or Wraparound CWE-415: Double Free •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2015-5221 – jasper: use-after-free and double-free flaws in mif_process_cmpt()
https://notcve.org/view.php?id=CVE-2015-5221
10 May 2017 — Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. La vulnerabilidad de uso después liberada (Use-after-free) en la función mif_process_cmpt en el archivo libjasper/mif/mif_cod.c en la biblioteca JPEG-2000 de JasPer anterior a versión 1.900.2, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio ... • http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-9957 – Gentoo Linux Security Advisory 201707-02
https://notcve.org/view.php?id=CVE-2016-9957
12 Apr 2017 — Stack-based buffer overflow in game-music-emu before 0.6.1. Desbordamiento de búfer basado en pila en game-music-emu en versiones anteriores a 0.6.1. Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-9958 – Gentoo Linux Security Advisory 201707-02
https://notcve.org/view.php?id=CVE-2016-9958
12 Apr 2017 — game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. game-music-emu en versiones anteriores a 0.6.1 permite a atacantes remotos escribir en ubicaciones de memoria arbitrarias. Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-9959 – Gentoo Linux Security Advisory 201707-02
https://notcve.org/view.php?id=CVE-2016-9959
12 Apr 2017 — game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. game-music-emu en versiones anteriores a 0.6.1 permite a los atacantes remotos generar valores fuera de los límites de 8 bits. Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-17805 – kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17805
03 Apr 2017 — The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/sals... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-17806 – kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17806
03 Apr 2017 — The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. La implementación HMAC (crypto/hmac.c) en el kernel de Linux en versiones ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 • CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8010
https://notcve.org/view.php?id=CVE-2015-8010
27 Mar 2017 — Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. Vulnerabilidad de XSS en el Classic-UI con el enlace de exportación CSV y la funcionalidad de paginación en Icinga en versiones anteriores a 1.14 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cadena de consulta a cgi-bin/sta... • http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •