CVSS: 7.0EPSS: 1%CPEs: 8EXPL: 0CVE-2015-5203 – jasper: integer overflow in jas_image_cmpt_create()
https://notcve.org/view.php?id=CVE-2015-5203
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. Una vulnerabilidad de liberación doble (double free) en la función jasper_image_stop_load en JasPer 1.900.17 permite que atacantes remotos provoquen una denegación de servicio utilizando un archivo de imagen JPEG 2000 manipulado. • http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html http://www.openwall.com/lists/oss-security/2015/08/16/2 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=1254242 https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40list • CWE-190: Integer Overflow or Wraparound CWE-415: Double Free •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2016-10243
https://notcve.org/view.php?id=CVE-2016-10243
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. TeX Live permite a atacantes remotos ejecutar comandos arbitrarios aprovechando la inclusión de mpost en shell_escape_commands en el archivo de configuración texmf.cnf. • http://www.debian.org/security/2017/dsa-3803 http://www.openwall.com/lists/oss-security/2017/03/05/1 http://www.securityfocus.com/bid/96593 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex https://security.gentoo.org/glsa/201709-07 https:& • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1CVE-2016-6299
https://notcve.org/view.php?id=CVE-2016-6299
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. El complemento scm en mock puede permitir a los atacantes pasar por alto el mecanismo de protección chroot previsto y obtener privilegios de root a través de un archivo de especificaciones manipulado. • http://www.openwall.com/lists/oss-security/2016/09/13/2 http://www.securityfocus.com/bid/92948 https://bugzilla.redhat.com/show_bug.cgi?id=1375490 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFC4LU6GYYEVUK6LQ2FKUGMZXRTLLL5A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VYLMPA5VLLX67DUJ6XLJ2TIW6CX2CFL4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5PH2YGYWYUAYPHK32SGUZGZXQEBEYNK • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-10132
https://notcve.org/view.php?id=CVE-2016-10132
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. regexp.c en Artifex Software, Inc. MuJS permite a atacantes provocar una denegación de servicio (referencia a puntero NULL y caída) a través de vectores relacionados con la compilación de expresiones regulares. • http://git.ghostscript.com/?p=mujs.git%3Bh=fd003eceda531e13fbdd1aeb6e9c73156496e569 http://www.openwall.com/lists/oss-security/2017/01/12/9 http://www.openwall.com/lists/oss-security/2017/01/13/1 https://bugs.ghostscript.com/show_bug.cgi?id=697381 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3U5APFS3FEBOPXUJIFWBNU55PYR7ZBF • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0CVE-2016-6225
https://notcve.org/view.php?id=CVE-2016-6225
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. xbcrypt en Percona XtraBackup en versiones anteriores a 2.3.6 y 2.4.x en versiones anteriores a 2.4.5 no establece apropiadamente el vector de inicialización (IV) para cifrado, lo que hace más fácil a atacantes dependientes del contexto obtener información sensible de archivos backup cifrados a través de un ataque de texto plano escogido. NOTA: esta vulnerabilidad existe debido a una corrección incompleta para CVE-2013-6394. • http://lists.opensuse.org/opensuse-updates/2017-01/msg00125.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00126.html https://bugs.launchpad.net/percona-xtrabackup/+bug/1643949 https://github.com/percona/percona-xtrabackup/pull/266 https://github.com/percona/percona-xtrabackup/pull/267 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAHI6ETS22FJCMLW7A6SICFKQXF5G2VI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message&#x • CWE-326: Inadequate Encryption Strength •