CVSS: 5.8EPSS: 81%CPEs: 84EXPL: 2CVE-2016-3715 – ImageMagick Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2016-3715
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. El codificador EPHEMERAL en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permite a atacantes remotos eliminar archivos arbitrarios a través de una imagen manipulada. It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete arbitrary files. ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading. • https://www.exploit-db.com/exploits/39767 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html http&# • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 93%CPEs: 84EXPL: 1CVE-2016-3718 – ImageMagick Server-Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2016-3718
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. Los codificadores (1) HTTP y (2) FTP en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permiten a atacantes remotos llevar a cabo ataques de falsificación de peticiones del lado del servidor (SSRF) a través de una imagen manipulada. A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image. • https://www.exploit-db.com/exploits/39767 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html http&# • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2016-3627 – libxml2: stack exhaustion while parsing xml files in recovery mode
https://notcve.org/view.php?id=CVE-2016-3627
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. La función xmlStringGetNodeList en tree.c en libxml2.2.9.3 y versiones anteriores, cuando se utiliza en modo de recuperación, permite a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito, consumo de pila y caída de la aplicación) a través de un docuumento XML manipulado. Missing recursive loop detection checks were found in the xmlParserEntityCheck() and xmlStringGetNodeList() functions of libxml2, causing application using the library to crash by stack exhaustion while building the associated data. An attacker able to send XML data to be parsed in recovery mode could launch a Denial of Service on the application. libxml versions prior to 2.9.3 suffer from a stack overflow vulnerability when parsing a malicious file. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://seclists.org/fulldisclosure/2016/May/10 http://www.openwall.com/lists/oss-security/2016/03/21/2 http://www.openwall.com/lists/oss-security/2016/03/21/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016& • CWE-674: Uncontrolled Recursion •
CVSS: 5.9EPSS: 0%CPEs: 16EXPL: 0CVE-2016-4079
https://notcve.org/view.php?id=CVE-2016-4079
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. epan/dissectors/packet-pktc.c en el disector PKTC en Wireshark 1.12.x en versiones anteriores a 1.12.11 y 2.0.x en versiones anteriores a 2.0.3 no verifica identificadores BER, lo que permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites y caída de aplicación) a través de un paquete manipulado. • http://www.debian.org/security/2016/dsa-3585 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securitytracker.com/id/1035685 http://www.wireshark.org/security/wnpa-sec-2016-22.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12206 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4cdc9eeba58f866bd5f273e9c5b3876857a7a4bf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 16EXPL: 0CVE-2016-4085
https://notcve.org/view.php?id=CVE-2016-4085
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. Desbordamiento de buffer basado en pila en epan/dissectors/packet-ncp2222.inc en el disector NCP en Wireshark 1.12.x en versiones anteriores a 1.12.11 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto no especificado a través de una cadena larga en un paquete. • http://www.debian.org/security/2016/dsa-3585 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/87467 http://www.securitytracker.com/id/1035685 http://www.wireshark.org/security/wnpa-sec-2016-28.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=99efcb0f5aeeb4b2179e88c7a4233022aaeecf0b • CWE-20: Improper Input Validation •