CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4645 – Gentoo Linux Security Advisory 201701-73
https://notcve.org/view.php?id=CVE-2015-4645
30 Jan 2017 — Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. Desbordamiento de enteros en la función read_fragment_table_4 en unsquash-4.c en Squashfs y sasquatch permite que atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una entrada manipulada, lo que desencadena un desbordamiento de búfer ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162171.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2312
https://notcve.org/view.php?id=CVE-2016-2312
23 Dec 2016 — Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. Desactivar todas las pantallas en Plasma-workspace y kscreenlocker mientras se muestra la pantalla de bloqueo puede resultar en el desbloqueo de la pantalla cuando se vuelva a encender una pantalla. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177454.html • CWE-254: 7PK - Security Features •
CVSS: 3.3EPSS: 2%CPEs: 3EXPL: 0CVE-2016-1544 – Gentoo Linux Security Advisory 201612-13
https://notcve.org/view.php?id=CVE-2016-1544
05 Dec 2016 — nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). nghttp2 versiones anteriores a 1.7.1, permite a atacantes remotos causar una denegación de servicio (agotamiento de la memoria). Nghttp2 is vulnerable to a Denial of Service attack. Versions less than 1.7.1 are affected. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177308.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0720 – pcs: Cross-Site Request Forgery in web UI
https://notcve.org/view.php?id=CVE-2016-0720
04 Nov 2016 — Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. Vulnerabilidad de CSRF en pcsd web UI en pcs en versiones anteriores a 0.9.149. A Cross-Site Request Forgery (CSRF) flaw was found in the pcsd web UI. A remote attacker could provide a specially crafted web page that, when visited by a user with a valid pcsd session, would allow the attacker to trigger requests on behalf of the user, for example removing resources or restarting/removing nodes. The pcs packages provide a co... • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178261.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0721 – pcs: cookies are not invalidated upon logout
https://notcve.org/view.php?id=CVE-2016-0721
04 Nov 2016 — Session fixation vulnerability in pcsd in pcs before 0.9.157. Vulnerabilidad de fijación de sesión en pcsd en pcs en versiones anteriores a 0.9.157. It was found that pcsd did not invalidate cookies on the server side when a user logged out. This could potentially allow an attacker to perform session fixation attacks on pcsd. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178261.html • CWE-384: Session Fixation •
CVSS: 7.8EPSS: 0%CPEs: 253EXPL: 0CVE-2016-1238 – Gentoo Linux Security Advisory 201812-07
https://notcve.org/view.php?id=CVE-2016-1238
25 Jul 2016 — (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Modul... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2016-6185 – Ubuntu Security Notice USN-3625-1.tt
https://notcve.org/view.php?id=CVE-2016-6185
25 Jul 2016 — The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. El método XSLoader::load en XSLoader en Perl no localiza adecuadamente archivos .so cuando se le llama en una cadena eval, lo que podría permitir a usuarios locales ejecutar código arbitrario a través de una librería Troyano bajo el directorio de trabajo actual. It was discovered ... • http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-8808 – Debian Security Advisory 3746-1
https://notcve.org/view.php?id=CVE-2015-8808
13 Jul 2016 — The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. La función DecodeImage en coders/gif.c en GraphicsMagick 1.3.18 permite a atacantes remotos provocar una denegación de servicio (acceso a memoria no inicializada) a través de un archivo GIF manipulado. Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177834.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2016-5244 – Ubuntu Security Notice USN-3071-2
https://notcve.org/view.php?id=CVE-2016-5244
27 Jun 2016 — The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. La función rds_inc_info_copy en net/rds/recv.c en el kernel de Linux hasta la versión 4.6.3 no inicializa un cierto miembro de estructura, lo que permite a atacantes remotos obtener información sensible de la memoria de pila del kernel leyendo un mensaje RDS. Kangjie... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4116def2337991b39919f3b448326e21c40e0dbb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 15%CPEs: 62EXPL: 2CVE-2016-5766 – gd: Integer overflow in _gd2GetHeader() resulting in heap overflow
https://notcve.org/view.php?id=CVE-2016-5766
26 Jun 2016 — Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. Desbordamiento de entero en la función _gd2GetHeader en gd_gd2.c en la GD Graphics Library (también conocido como libgd) en versiones anter... • http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •