CVE-2017-12904
https://notcve.org/view.php?id=CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. Una neutralización incorrecta de elementos especiales en un comando del sistema operativo en la función de marcado de Newsbeuter en sus versiones de la 0.7 hasta la 2.9 permite que atacantes remotos realicen una ejecución de código asistidos por usuarios mediante la manipulación de un elemento RSS que incluya código shell en su título y/o URL. • http://www.debian.org/security/2017/dsa-3947 https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307 https://github.com/akrennmair/newsbeuter/issues/591 https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE https://usn.ubuntu.com/4585-1 • CWE-943: Improper Neutralization of Special Elements in Data Query Logic •
CVE-2016-3062
https://notcve.org/view.php?id=CVE-2016-3062
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. La función mov_read_dref en libavformat/mov.c en Libav en versiones anteriores a 11.7 y FFmpeg en versiones anteriores a 0.11 permite a atacantes remotos provocar una denegación de srevicio (corrupción de memoria) o ejecutar código arbitrario a través de valores de entrada en una caja dref en un archivo MP4. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html http://www.debian.org/security/2016/dsa-3603 https://bugzilla.libav.org/show_bug.cgi?id=929 https://ffmpeg.org/security.html https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328 https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746 https://libav.org/releases/libav-11.7.changelog https://security.gentoo.org/glsa/201705-08 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-7439 – libX11: buffer overflow in MakeBigReq macro
https://notcve.org/view.php?id=CVE-2013-7439
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow. Múltiples errores de superación de límite (off-by-one) en los macros (1) MakeBigReq y (2) SetReqLen en include/X11/Xlibint.h en X11R6.x y libX11 anterior a 1.6.0 permiten a atacantes remotos tener un impacto no especificado a través de una solicitud manipulada, lo que provoca un desbordamiento de buffer. • http://lists.x.org/archives/xorg-announce/2015-April/002561.html http://seclists.org/oss-sec/2015/q2/81 http://www.debian.org/security/2015/dsa-3224 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/73962 http://www.ubuntu.com/usn/USN-2568-1 https://bugs.freedesktop.org/show_bug.cgi?id=56508 https://access.redhat.com/security/cve/CVE-2013-7439 https://bugzilla.redhat.com/show_bug.cgi?id=1209943 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVE-2013-6435 – rpm: race condition during the installation process
https://notcve.org/view.php?id=CVE-2013-6435
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. Condición de carrera en RPM 4.11.1 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de un fichero RPM manipulado cuyo instalación extrae los contenidos de ficheros temporales antes de validar la firma, tal y como fue demostrado mediante la instalación de un fichero en el directorio /etc/cron.d. It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. • http://advisories.mageia.org/MGASA-2014-0529.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://rhn.redhat.com/errata/RHSA-2014-1974.html http://rhn.redhat.com/errata/RHSA-2014-1975.html http://rhn.redhat.com/errata/RHSA-2014-1976.html http://www.debian.org/security/2015/dsa-3129 http://www.mandriva.com/security/advisories?name=MDVSA-2014:251 http://www.mandriva.com/security/advisories?name=MDVSA-2015:056 http://www.oracle.com/technetwork/topics/ • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2014-9089
https://notcve.org/view.php?id=CVE-2014-9089
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php. Múltiples vulnerabilidades de inyección SQL en view_all_bug_page.php en MantisBT anterior a 1.2.18 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro (1) sort o (2) dir en view_all_set.php. • http://secunia.com/advisories/62101 http://www.debian.org/security/2015/dsa-3120 http://www.openwall.com/lists/oss-security/2014/11/25/14 http://www.openwall.com/lists/oss-security/2014/11/26/6 http://www.securityfocus.com/bid/71298 https://github.com/mantisbt/mantisbt/commit/b0021673ab23249244119bde3c7fcecd4daa4e7f https://www.mantisbt.org/bugs/view.php?id=17841 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •