CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 2CVE-2015-6816
https://notcve.org/view.php?id=CVE-2015-6816
ganglia-web before 3.7.1 allows remote attackers to bypass authentication. ganglia-web en versiones anteriores a la 3.7.1 permite que atacantes remotos eludan la autenticación. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170362.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169641.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169788.html http://www.openwall.com/lists/oss-security/2015/09/05/6 http://www.securityfocus.com/bid/92146 https://bugzilla.redhat.com/show_bug.cgi?id=1260562 https://github.com/ganglia/ganglia-web/issues/267 https://www.freshports.org/sysutils/ganglia-webfronten • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5391
https://notcve.org/view.php?id=CVE-2016-5391
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). Libreswan anterior a la 3.18 permite a un atacante remoto provocar una denegación de servicio (desreferencia a un puntero NULL y reinicio del daemon pluto). • https://bugzilla.redhat.com/show_bug.cgi?id=1356183 https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 1%CPEs: 8EXPL: 0CVE-2015-5203 – jasper: integer overflow in jas_image_cmpt_create()
https://notcve.org/view.php?id=CVE-2015-5203
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. Una vulnerabilidad de liberación doble (double free) en la función jasper_image_stop_load en JasPer 1.900.17 permite que atacantes remotos provoquen una denegación de servicio utilizando un archivo de imagen JPEG 2000 manipulado. • http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html http://www.openwall.com/lists/oss-security/2015/08/16/2 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1254242 https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40list • CWE-190: Integer Overflow or Wraparound CWE-415: Double Free •
CVSS: 7.0EPSS: 1%CPEs: 8EXPL: 0CVE-2015-5221 – jasper: use-after-free and double-free flaws in mif_process_cmpt()
https://notcve.org/view.php?id=CVE-2015-5221
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. La vulnerabilidad de uso después liberada (Use-after-free) en la función mif_process_cmpt en el archivo libjasper/mif/mif_cod.c en la biblioteca JPEG-2000 de JasPer anterior a versión 1.900.2, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo de imagen JPEG 2000 creado. • http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html http://www.openwall.com/lists/oss-security/2015/08/20/4 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1255710 https://github.com/mdadams/jasper/commit/df5d2867e8004e51e18b89865bc4aa69229227b3 https://lists.debian.org/debian-lts-announce/2018/11/msg00023. • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 1CVE-2016-2173
https://notcve.org/view.php?id=CVE-2016-2173
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. org.springframework.core.serializer.DefaultDeserializer en Spring AMQP en versiones anteriores a 1.5.5 a los atacantes remotos ejecutar el código arbitrario. • https://github.com/HaToan/CVE-2016-2173 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html https://bugzilla.redhat.com/show_bug.cgi?id=1326205 https://pivotal.io/security/cve-2016-2173 • CWE-20: Improper Input Validation •