CVSS: 8.8 • EPSS: 73% • CPEs: 10 • EXPL: 1

10 May 2017 — git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. • http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html

CVSS: 9.8 • EPSS: 2% • CPEs: 5 • EXPL: 1

02 May 2017 — TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. It was discovered that TeX Live incorrectly handled certain system commands. If a user were tricked into processing a specially crafted TeX file, a remote attacker could execute arbitrary code... • http://www.debian.org/security/2017/dsa-3803 • CWE-20: Improper Input Validation

CVSS: 9.3 • EPSS: 0% • CPEs: 4 • EXPL: 1

14 Apr 2017 — The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. • http://www.openwall.com/lists/oss-security/2016/09/13/2 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Mar 2017 — regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. • http://git.ghostscript.com/?p=mujs.git%3Bh=fd003eceda531e13fbdd1aeb6e9c73156496e569 • CWE-476: NULL Pointer Dereference

CVSS: 5.9 • EPSS: 0% • CPEs: 10 • EXPL: 0

23 Mar 2017 — xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. • http://lists.opensuse.org/opensuse-updates/2017-01/msg00125.html • CWE-326: Inadequate Encryption Strength

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 2

15 Mar 2017 — tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values. • http://bugzilla.maptools.org/show_bug.cgi?id=2654 • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write

CVSS: 7.5 • EPSS: 1% • CPEs: 4 • EXPL: 0

22 Feb 2017 — The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. It was discovered that FlightGear could write arbitrary files if it received a special Nasal script. A remote attacker could exploit this with a crafted file to execute arbitrary code. • http://www.debian.org/security/2016/dsa-3742 • CWE-284: Improper Access Control

CVSS: 7.5 • EPSS: 5% • CPEs: 6 • EXPL: 0

21 Feb 2017 — The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." Multiple vulnerabiliti... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html • CWE-125: Out-of-bounds Read

CVSS: 7.5 • EPSS: 1% • CPEs: 4 • EXPL: 0

21 Feb 2017 — Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. Multiple vulnerabilities have been found in libass, the worst of which have unknown impacts. Versions less than 0.13.4 are affecte... • http://www.openwall.com/lists/oss-security/2016/10/05/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 2% • CPEs: 6 • EXPL: 0

21 Feb 2017 — The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. Multiple vulnerabilities have been found in libass, the worst of which have unknown impacts. Versi... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html • CWE-399: Resource Management Errors