CVE-2014-9848
https://notcve.org/view.php?id=CVE-2014-9848
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). Fuga de memoria en ImageMagick permite a atacantes remotos provocar una denegación de servicio (consumo de memoria). • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.ubuntu.com/usn/USN-3131-1 https://bugzilla.redhat& • CWE-399: Resource Management Errors •
CVE-2014-9842
https://notcve.org/view.php?id=CVE-2014-9842
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Fuga de memoria en la función ReadPSDLayers en coders/psd.c en ImageMagick 6.8.9.9 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html http://www.openwall.com/lists/oss-security/2016/06/02/13 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f9ef11671c41da4cf973d0d880af1cdfbd12786 • CWE-400: Uncontrolled Resource Consumption •
CVE-2014-9850
https://notcve.org/view.php?id=CVE-2014-9850
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). Error lógico en ImageMagick 6.8.9.9 permite a atacantes remotos provocar una denegación de servicio (consumo de recursos). • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.ubuntu.com/usn/USN-3131-1 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=2257d1eadd02d89d225fce21013a1219d221dc7d https://bugzilla.redhat. • CWE-399: Resource Management Errors •
CVE-2014-9849
https://notcve.org/view.php?id=CVE-2014-9849
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). El codificador png en ImageMagick permite a atacantes remotos provocar una denegación de servicio (caída). • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.ubuntu.com/usn/USN-3131-1 https://bugzilla.redhat.com/show_bug.cgi?id=1343509 • CWE-400: Uncontrolled Resource Consumption •
CVE-2016-4997 – Linux Kernel 4.6.2 (Ubuntu 16.04.1) - 'IP6T_SO_SET_REPLACE' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-4997
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. Las implementaciones de compat IPT_SO_SET_REPLACE y IP6T_SO_SET_REPLACE setsockopt en el subsistema netfilter en el kernel de Linux antes de 4.6.3 permiten a los usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) aprovechando el acceso del root en el contenedor para proporcionar un valor de compensación manipulado que desencadena una disminución no intencionada. A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. • https://www.exploit-db.com/exploits/40489 https://www.exploit-db.com/exploits/40435 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13c http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http:/ • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •