CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-9957 – Gentoo Linux Security Advisory 201707-02
https://notcve.org/view.php?id=CVE-2016-9957
12 Apr 2017 — Stack-based buffer overflow in game-music-emu before 0.6.1. Desbordamiento de búfer basado en pila en game-music-emu en versiones anteriores a 0.6.1. Multiple vulnerabilities have been found in Game Music Emu, the worst of which could lead to the execution of arbitrary code. Versions are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-17806 – kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17806
03 Apr 2017 — The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. La implementación HMAC (crypto/hmac.c) en el kernel de Linux en versiones ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 • CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-17805 – kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17805
03 Apr 2017 — The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/sals... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 4%CPEs: 14EXPL: 0CVE-2016-9398 – openSUSE Security Advisory - openSUSE-SU-2020:1523-1
https://notcve.org/view.php?id=CVE-2016-9398
23 Mar 2017 — The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. La función jpc_floorlog2 en jpc_math.c en JasPer en versiones anteriores a 1.900.17 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción) a través de vectores no especificados. An update that fixes 14 vulnerabilities is now available. This update for jasper fixes the following issues. Improved patch for already fixe... • http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00008.html • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1602
https://notcve.org/view.php?id=CVE-2016-1602
23 Mar 2017 — A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). Una inyección de código code injection en la herramienta de recogida de datos supportconfig en supportutils en SUSE Linux Enterprise Server 12 y 12-SP1 y SUSE Linux Enterprise Desktop 12 y 12-SP1 podría ser utilizada por atacantes locales para ... • http://lists.suse.com/pipermail/sle-security-updates/2016-June/002096.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2014-9852
https://notcve.org/view.php?id=CVE-2014-9852
17 Mar 2017 — distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. distribute-cache.c en ImageMagick vuelve a usar objetos después de haberlos destruido, lo que permite a atacantes remotos tener un impacto no especificado a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2014-9853
https://notcve.org/view.php?id=CVE-2014-9853
17 Mar 2017 — Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. Fuga de memoria en los coders/rle.c de ImageMagick permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un archivo rle manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-5898 – Qemu: usb: integer overflow in emulated_apdu_from_guest
https://notcve.org/view.php?id=CVE-2017-5898
21 Feb 2017 — Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit. Desbordamiento de entero en la función emulated_apdu_from_guest en usb/dev-smartcard-reader.c en Quick Emulator (Qemu), cuando se construye con el soporte de emulador de dispositivo de CCID Card, permite a usuarios loc... • http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6a • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2015-8929 – Gentoo Linux Security Advisory 201701-03
https://notcve.org/view.php?id=CVE-2015-8929
11 Aug 2016 — Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. Fuga de memoria en la función __archive_read_get_extract en archive_read_extract2.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio a través de un archivo tar manipulado. An update that fixes 20 vulnerabilities is now available. Libarchive was updated to fix 20 security i... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2015-8928 – libarchive: Heap out of bounds read in mtree parser
https://notcve.org/view.php?id=CVE-2015-8928
14 Jul 2016 — The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. La función process_add_entry en archive_read_support_format_mtree.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de un archivo mtree manipulado. A vulnerability was found in libarchive. A specially crafted MTREE file... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •