CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 1CVE-2016-9960
https://notcve.org/view.php?id=CVE-2016-9960
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). game-music-emu anterior a versión 0.6.1 permite a los usuarios locales causar una denegación de servicio (dividir por cero y bloqueo del proceso). • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html http://www.openwall.com/lists/oss-security/2016/12/15/11 http://www.securityfocus.com/bid/95305 https://bitbucket.org/mpyne/game-music-emu/wiki/Home https://bugzilla.redhat.com/show_bug.cgi?id=1405423 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME https://lists.fedoraproject • CWE-369: Divide By Zero •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 1CVE-2016-9961
https://notcve.org/view.php?id=CVE-2016-9961
game-music-emu before 0.6.1 mishandles unspecified integer values. game-music-emu anterior a versión 0.6.1 maneja inapropiadamente los valores de enteros no especificados. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html http://www.openwall.com/lists/oss-security/2016/12/15/11 http://www.securityfocus.com/bid/95305 https://bitbucket.org/mpyne/game-music-emu/wiki/Home https://bugzilla.redhat.com/show_bug.cgi?id=1405423 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME https://lists.fedoraproject • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2017-8386 – git: Escape out of git-shell
https://notcve.org/view.php?id=CVE-2017-8386
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. git-shell en git en versiones anteriores a la 2.4.12, versiones 2.5.x anteriores a la 2.5.6, versiones 2.6.x anteriores a la 2.6.7, versiones 2.7.x anteriores a la 2.7.5, versiones 2.8.x anteriores a la 2.8.5, versiones 2.9.x anteriores a la 2.9.4, versiones 2.10.x anteriores a la 2.10.3, versiones 2.11.x anteriores a la 2.11.2 y versiones 2.12.x anteriores a la 2.12.3 podría permitir que usuarios remotos autenticados obtengan privilegios mediante un nombre de repositorio que comienza con un carácter - (guion). A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. • http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html http://public-inbox.org/git/xmqq8tm5ziat.fsf%40gitster.mtv.corp.google.com http://www.debian.org/security/2017/dsa-3848 http://www.securityfocus.com/bid/98409 http://www.securitytracker.com/id/1038479 http://www.ubuntu.com/usn/USN-3287-1 https://access.redhat.com/errata/RHSA-2017:2004 https://access.redhat.com/errata/RHSA-2017:2491 https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8 •
CVSS: 7.0EPSS: 1%CPEs: 8EXPL: 0CVE-2015-5203 – jasper: integer overflow in jas_image_cmpt_create()
https://notcve.org/view.php?id=CVE-2015-5203
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. Una vulnerabilidad de liberación doble (double free) en la función jasper_image_stop_load en JasPer 1.900.17 permite que atacantes remotos provoquen una denegación de servicio utilizando un archivo de imagen JPEG 2000 manipulado. • http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html http://www.openwall.com/lists/oss-security/2015/08/16/2 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1254242 https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40list • CWE-190: Integer Overflow or Wraparound CWE-415: Double Free •
CVSS: 7.0EPSS: 1%CPEs: 8EXPL: 0CVE-2015-5221 – jasper: use-after-free and double-free flaws in mif_process_cmpt()
https://notcve.org/view.php?id=CVE-2015-5221
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. La vulnerabilidad de uso después liberada (Use-after-free) en la función mif_process_cmpt en el archivo libjasper/mif/mif_cod.c en la biblioteca JPEG-2000 de JasPer anterior a versión 1.900.2, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo de imagen JPEG 2000 creado. • http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html http://www.openwall.com/lists/oss-security/2015/08/20/4 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1255710 https://github.com/mdadams/jasper/commit/df5d2867e8004e51e18b89865bc4aa69229227b3 https://lists.debian.org/debian-lts-announce/2018/11/msg00023. • CWE-416: Use After Free •