CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 1CVE-2016-9960 – Gentoo Linux Security Advisory 201707-02
https://notcve.org/view.php?id=CVE-2016-9960
06 Jun 2017 — game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). game-music-emu anterior a versión 0.6.1 permite a los usuarios locales causar una denegación de servicio (dividir por cero y bloqueo del proceso). Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html • CWE-369: Divide By Zero •
CVSS: 10.0EPSS: 2%CPEs: 12EXPL: 1CVE-2016-9961 – Gentoo Linux Security Advisory 201707-02
https://notcve.org/view.php?id=CVE-2016-9961
06 Jun 2017 — game-music-emu before 0.6.1 mishandles unspecified integer values. game-music-emu anterior a versión 0.6.1 maneja inapropiadamente los valores de enteros no especificados. Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html • CWE-189: Numeric Errors •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2015-5203 – jasper: integer overflow in jas_image_cmpt_create()
https://notcve.org/view.php?id=CVE-2015-5203
10 May 2017 — Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. Una vulnerabilidad de liberación doble (double free) en la función jasper_image_stop_load en JasPer 1.900.17 permite que atacantes remotos provoquen una denegación de servicio utilizando un archivo de imagen JPEG 2000 manipulado. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user ... • http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html • CWE-190: Integer Overflow or Wraparound CWE-415: Double Free •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2015-5221 – jasper: use-after-free and double-free flaws in mif_process_cmpt()
https://notcve.org/view.php?id=CVE-2015-5221
10 May 2017 — Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. La vulnerabilidad de uso después liberada (Use-after-free) en la función mif_process_cmpt en el archivo libjasper/mif/mif_cod.c en la biblioteca JPEG-2000 de JasPer anterior a versión 1.900.2, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio ... • http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 73%CPEs: 10EXPL: 1CVE-2017-8386 – git: Escape out of git-shell
https://notcve.org/view.php?id=CVE-2017-8386
10 May 2017 — git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. git-shell en git en versiones anteriores a la 2.4.12, versiones 2.5.x anteriores a la 2.5.6, versiones 2.6.x anteriores a la 2.6.7, versiones 2.7.x anteriores a la 2.7.5, versiones 2.8.x anter... • http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html •
CVSS: 9.8EPSS: 21%CPEs: 4EXPL: 1CVE-2016-2173
https://notcve.org/view.php?id=CVE-2016-2173
21 Apr 2017 — org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. org.springframework.core.serializer.DefaultDeserializer en Spring AMQP en versiones anteriores a 1.5.5 a los atacantes remotos ejecutar el código arbitrario. • https://github.com/HaToan/CVE-2016-2173 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1CVE-2016-6299
https://notcve.org/view.php?id=CVE-2016-6299
14 Apr 2017 — The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. El complemento scm en mock puede permitir a los atacantes pasar por alto el mecanismo de protección chroot previsto y obtener privilegios de root a través de un archivo de especificaciones manipulado. • http://www.openwall.com/lists/oss-security/2016/09/13/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8884 – jasper: missing jas_matrix_create() parameter checks
https://notcve.org/view.php?id=CVE-2016-8884
28 Mar 2017 — The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690. La función bmp_getdata en libjasper/bmp/bmp_dec.c en JasPer 1.900.5 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) llamando al comando imginfo con una imagen BMP manipulada. NOTA: ... • http://www.openwall.com/lists/oss-security/2016/10/23/1 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8887 – Ubuntu Security Notice USN-3693-1
https://notcve.org/view.php?id=CVE-2016-8887
23 Mar 2017 — The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). La función jp2_colr_destroy en libjasper/jp2/jp2_cod.c en JasPer en versiones anteriores a 1.900.10 permite a atacantes remotos provocar una denegación de servicio (referencia de puntero NULL). It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user or automated system using JasPer were tricked into op... • http://www.openwall.com/lists/oss-security/2016/10/23/3 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2016-6225
https://notcve.org/view.php?id=CVE-2016-6225
23 Mar 2017 — xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. xbcrypt en Percona XtraBackup en versiones anteriores a 2.3.6 y 2.4.x en versiones anteriores a 2.4.5 no establece apropiadamente el vector de inicializ... • http://lists.opensuse.org/opensuse-updates/2017-01/msg00125.html • CWE-326: Inadequate Encryption Strength •