CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6905
https://notcve.org/view.php?id=CVE-2016-6905
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. La función read_image_tga en gd_tga.c en el GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de fuera de límites) a través de una imagen TGA manipulada. • http://libgd.github.io/release-2.2.3.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00121.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html http://www.openwall.com/lists/oss-security/2016/08/23/1 http://www.securityfocus.com/bid/91743 https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03 https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186 https://github.com/libgd/libgd/issues/248 https://github.com/libgd/libgd • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2013-4118
https://notcve.org/view.php?id=CVE-2013-4118
FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. FreeRDP en versiones anteriores a 1.1.0-beta1 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html http://www.openwall.com/lists/oss-security/2013/07/11/12 http://www.openwall.com/lists/oss-security/2013/07/12/2 http://www.securityfocus.com/bid/61072 https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-7445
https://notcve.org/view.php?id=CVE-2016-7445
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. convert.c en OpenJPEG en versiones anteriores a 2.1.2 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de vectores que involucran a la variable s. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00109.html http://www.openwall.com/lists/oss-security/2016/09/18/4 http://www.openwall.com/lists/oss-security/2016/09/18/6 http://www.securityfocus.com/bid/93040 https://github.com/uclouvain/openjpeg/blob/openjpeg-2.1/CHANGELOG.md https://github.com/uclouvain/openjpeg/issues/843 https://security.gentoo.org/glsa/201612-26 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6172
https://notcve.org/view.php?id=CVE-2016-6172
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response. PowerDNS (también conocido como pdns) Authoritative Server en versiones anteriores a 4.0.1 permite a servidores DNS primarios remotos provocar una denegación de servicio (agotamiento de memoria y caída del servidor DNS secundario) a través de una gran respuesta (1) AXFR o (2) IXFR. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html http://www.debian.org/security/2016/dsa-3664 http://www.openwall.com/lists/oss-security/2016/07/06/3 http://www.securityfocus.com/bid/91678 http://www.securitytracker.com/id/1036242 https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-401 https://github.com/PowerDNS/pdns/issues/4128 https://github.com/PowerDNS/pdns/issues/4133 https://github.com/PowerDNS/pdns/pull/4134 https://github.c • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-5746
https://notcve.org/view.php?id=CVE-2016-5746
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf. libstorage, libstorage-ng y yast-storage no almacenan correctamente frases de contraseña para dispositivos de almacenamiento cifrado en un archivo temporal en disco, lo que podría permitir a usuarios locales obtener información sensible leyendo el archivo, según lo demostrado mediante /tmp/libstorage-XXXXXX/pwdf. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00032.html http://www.securityfocus.com/bid/93169 https://bugzilla.suse.com/show_bug.cgi?id=986971 https://github.com/openSUSE/libstorage-ng/pull/123 https://github.com/openSUSE/libstorage/pull/162 https://github.com/openSUSE/libstorage/pull/163 https://github.com/yast/yast-storage/pull/223 https://github.com/yast/yast-storage/pull/224 https://github.com/yast/yast-storage/pull/226 https://github.com/yast/yast&# •