CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2014-9854
https://notcve.org/view.php?id=CVE-2014-9854
17 Mar 2017 — coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." Coders/tiff.c en ImageMagick permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de vectores relacionados con la "identificación de la imagen". • http://git.imagemagick.org/repos/ImageMagick/commit/7fb9b7e095a65b4528d0180e26574f2bc7cd0e8b • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2014-9844 – Ubuntu Security Notice USN-3131-1
https://notcve.org/view.php?id=CVE-2014-9844
21 Nov 2016 — The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. La función ReadRLEImage en coders/rle.c en ImageMagick 6.8.9.9 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo de imagen manipulado. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked i... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2014-9845 – Ubuntu Security Notice USN-3131-1
https://notcve.org/view.php?id=CVE-2014-9845
21 Nov 2016 — The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. La función ReadDIBImage en coders/dib.c en ImageMagick permite a atacantes provocar una denegación de servicio (caída) a través de un archivo dib corrompido. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could explo... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2016-5244 – Ubuntu Security Notice USN-3071-2
https://notcve.org/view.php?id=CVE-2016-5244
27 Jun 2016 — The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. La función rds_inc_info_copy en net/rds/recv.c en el kernel de Linux hasta la versión 4.6.3 no inicializa un cierto miembro de estructura, lo que permite a atacantes remotos obtener información sensible de la memoria de pila del kernel leyendo un mensaje RDS. Kangjie... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 8%CPEs: 37EXPL: 0CVE-2016-4955 – Ubuntu Security Notice USN-3096-1
https://notcve.org/view.php?id=CVE-2016-4955
06 Jun 2016 — ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. ntpd en NTP 4.x en versiones anteriores a 4.2.8p8, cuando está habilitada la autoclave, permite a atacantes remotos provocar una denegación de servicio (limpiando el par variable y corte de asociación) enviando (1) un paquete crypto-NAK manipulado ... • http://bugs.ntp.org/3043 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 3%CPEs: 37EXPL: 0CVE-2016-4956 – HPE Security Bulletin HPESBHF03757 1
https://notcve.org/view.php?id=CVE-2016-4956
06 Jun 2016 — ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (transición de modo intercalado y cambio de hora) a través de un paquete de difusión manipulado. NOTA: esta vulnerabilidad existe debido a una solución inco... • http://bugs.ntp.org/3042 •
CVSS: 7.5EPSS: 62%CPEs: 14EXPL: 0CVE-2016-4957 – HPE Security Bulletin HPESBHF03757 1
https://notcve.org/view.php?id=CVE-2016-4957
06 Jun 2016 — ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. ntpd en NTP en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un paquete crypto-NAK. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2016-1547. Potential security vulnerabilities with NTP have been addresse... • http://bugs.ntp.org/3046 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 93%CPEs: 12EXPL: 9CVE-2016-3714 – ImageMagick Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2016-3714
05 May 2016 — The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." Los codificadores (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN y (8) PLT en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permiten a atacantes remotos ejecutar código arbitrario a ... • https://packetstorm.news/files/id/152364 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0CVE-2016-3951 – Ubuntu Security Notice USN-3002-1
https://notcve.org/view.php?id=CVE-2016-3951
02 May 2016 — Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. Vulnerabilidad de liberación de memoria doble en drivers/net/usb/cdc_ncm.c en el kernel de Linux en versiones anteriores a 4.5 permite a atacantes físicamente próximos provocar una denegación de servicio (caída de sistema) o posiblemente tener ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b •
CVSS: 6.8EPSS: 8%CPEs: 37EXPL: 0CVE-2016-0264 – JDK: buffer overflow vulnerability in the IBM JVM
https://notcve.org/view.php?id=CVE-2016-0264
30 Apr 2016 — Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP25 (6.0.16.25), 6 R1 en versiones anteriores a SR8 FP25 (6.1.8.25), 7 ... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •