CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4797
https://notcve.org/view.php?id=CVE-2016-4797
03 Feb 2017 — Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947. La vulnerabilidad divide por cero en la función opj_tcd_init_tile en tcd.c en OpenJPEG en versiones anteriores a 2.1.1 permite a los atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un archivo jp2 elaborado.... • http://www.openwall.com/lists/oss-security/2016/05/13/2 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-8569
https://notcve.org/view.php?id=CVE-2016-8569
03 Feb 2017 — The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. La función git_oid_nfmt en commit.c en libgit2 en versiones anteriores a 0.24.3 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de un comando cat-file con un archivo de objeto manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-9108
https://notcve.org/view.php?id=CVE-2016-9108
03 Feb 2017 — Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. Desbordamiento de entero en la función js_regcomp en regexp.c en Artifex Software, Inc. MuJS en versiones anteriores a commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e permite a atacantes provocar una denegación de servicio (caída de la aplicación) a través de una expres... • http://www.openwall.com/lists/oss-security/2016/10/30/12 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-8568
https://notcve.org/view.php?id=CVE-2016-8568
03 Feb 2017 — The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. La función git_commit_message en oid.c en libgit2 en versiones anteriores a 0.24.3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un comando cat-file con un archivo de objeto manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-9085 – Gentoo Linux Security Advisory 201701-61
https://notcve.org/view.php?id=CVE-2016-9085
24 Jan 2017 — Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. Múltiples desbordamientos de entero en libwebp permiten a atacantes tener un impacto no especificado a través de vectores desconocidos. Multiple vulnerabilities have been discovered in WebP, the worst of which could allow a remote attacker to cause a Denial of Service condition. Versions less than 0.5.2 are affected. • http://www.openwall.com/lists/oss-security/2016/10/27/3 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-8605
https://notcve.org/view.php?id=CVE-2016-8605
12 Jan 2017 — The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. • http://www.openwall.com/lists/oss-security/2016/10/12/1 • CWE-275: Permission Issues •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-8606
https://notcve.org/view.php?id=CVE-2016-8606
12 Jan 2017 — The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. El servidor REPL (--listen) en GNU Guile 2.0.12 permite a un atacante ejecutar código arbitrario a través de un ataque interprotocolo HTTP. • http://www.openwall.com/lists/oss-security/2016/10/12/2 • CWE-284: Improper Access Control •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-7543 – bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution
https://notcve.org/view.php?id=CVE-2016-7543
02 Jan 2017 — Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. Bash en versiones anteriores a 4.4 permite a usuarios locales ejecutar comandos arbitrarios con privilegios root a través de variables de entorno SHELLOPTS y PS4 manipuladas. An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written set... • http://rhn.redhat.com/errata/RHSA-2017-0725.html • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.3EPSS: 17%CPEs: 4EXPL: 3CVE-2016-2334 – Gentoo Linux Security Advisory 201701-27
https://notcve.org/view.php?id=CVE-2016-2334
13 Dec 2016 — Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. Desbordamiento de búfer basado en memoria dinámica en el método NArchive::NHfs::CHandler::ExtractZlibFile en 7zip en versiones anteriores a 16.00 y p7zip permite a atacantes remotos ejecutar código arbitrario a través de una imagen HFS+ manipulada. Multiple vulnerabilities have been found in 7-Zip, the worst of which may... • https://github.com/icewall/CVE-2016-2334 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2016-9243 – Ubuntu Security Notice USN-3138-1
https://notcve.org/view.php?id=CVE-2016-9243
28 Nov 2016 — HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. HKDF en criptografía en versiones anteriores a 1.5.2 devuelve una cadena de bytes vacía si se utiliza con una longitud inferior que algorithm.digest_size. Markus Doering discovered that python-cryptography incorrectly handled certain HKDF lengths. This could result in python-cryptography returning an empty string instead of the expected derived key. • http://www.openwall.com/lists/oss-security/2016/11/09/2 • CWE-20: Improper Input Validation •