CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1CVE-2016-6299
https://notcve.org/view.php?id=CVE-2016-6299
14 Apr 2017 — The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. El complemento scm en mock puede permitir a los atacantes pasar por alto el mecanismo de protección chroot previsto y obtener privilegios de root a través de un archivo de especificaciones manipulado. • http://www.openwall.com/lists/oss-security/2016/09/13/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1838
https://notcve.org/view.php?id=CVE-2015-1838
13 Apr 2017 — modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. modules/serverdensity_device.py en SaltStack en versiones anteriores a 2014.7.4 no maneja correctamente archivos en /tmp. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html • CWE-19: Data Processing Errors •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1839
https://notcve.org/view.php?id=CVE-2015-1839
13 Apr 2017 — modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. modules/chef.py en SaltStack en versiones anteriores a 2014.7.4 no maneja correctamente archivos en /tmp. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html • CWE-19: Data Processing Errors •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8884 – jasper: missing jas_matrix_create() parameter checks
https://notcve.org/view.php?id=CVE-2016-8884
28 Mar 2017 — The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. La función bmp_getdata en libjasper/bmp/bmp_dec.c en JasPer 1.900.5 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) llamando al comando imginfo con una imagen BMP manipulada. NOTA: ... • http://www.openwall.com/lists/oss-security/2016/10/23/1 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8887 – Ubuntu Security Notice USN-3693-1
https://notcve.org/view.php?id=CVE-2016-8887
23 Mar 2017 — The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). La función jp2_colr_destroy en libjasper/jp2/jp2_cod.c en JasPer en versiones anteriores a 1.900.10 permite a atacantes remotos provocar una denegación de servicio (referencia de puntero NULL). It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into op... • http://www.openwall.com/lists/oss-security/2016/10/23/3 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-9400 – Gentoo Linux Security Advisory 201705-13
https://notcve.org/view.php?id=CVE-2016-9400
22 Feb 2017 — The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. El método CClient::ProcessServerPacket en engine/client/client.cpp en Teeworlds en versiones anteriores a 0.6.4 permite a servidores remotos escribir en ubicaciones de memoria física arbitrarias y posiblemente ejecutar código arbitrario a través de vectores que involucran ma... • http://www.openwall.com/lists/oss-security/2016/11/16/8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 6EXPL: 0CVE-2016-7969 – Gentoo Linux Security Advisory 201702-25
https://notcve.org/view.php?id=CVE-2016-7969
21 Feb 2017 — The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." La función wrap_lines_smart en ass_render.c en libass en versiones anteriores a 0.13.4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de vectores no especificados, relacionados con "0/3 ecualización de envoltura de línea". Multiple vulnerabiliti... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2016-7970 – Gentoo Linux Security Advisory 201702-25
https://notcve.org/view.php?id=CVE-2016-7970
21 Feb 2017 — Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. Desbordamiento de búfer en la función calc_coeff en libass/ass_blur.c en libass en versiones anteriores a 0.13.4 permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. Multiple vulnerabilities have been found in libass, the worst of which have unknown impacts. Versions less than 0.13.4 are affecte... • http://www.openwall.com/lists/oss-security/2016/10/05/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2016-7972 – Gentoo Linux Security Advisory 201702-25
https://notcve.org/view.php?id=CVE-2016-7972
21 Feb 2017 — The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. La función check_allocations en libass/ass_shaper.c en libass en versiones anteriores a 0.13.4 permite a atacantes remotos provocar una denegación de servicio (fallo de ubicación de memoria) a través de vectores no especificados. Multiple vulnerabilities have been found in libass, the worst of which have unknown impacts. Versi... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2016-6233 – Gentoo Linux Security Advisory 201804-10
https://notcve.org/view.php?id=CVE-2016-6233
16 Feb 2017 — The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. Los métodos (1) order y (2) group en Zend_Db_Select en la Zend Framework en versiones anteriores a 1.12.19 podrían permitir a atacantes remotos llevar a cabo ataques de inyección SQL a través de vectores relacionados con el uso del patrón de caracteres [\w]* en una expresión ... • http://www.securityfocus.com/bid/91802 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •