CVSS: 9.3EPSS: 4%CPEs: 34EXPL: 0CVE-2016-4156 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4156
16 Jun 2016 — Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos... • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html •
CVSS: 9.3EPSS: 3%CPEs: 29EXPL: 0CVE-2016-4151 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4151
16 Jun 2016 — Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos... • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 3%CPEs: 29EXPL: 0CVE-2016-4152 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4152
16 Jun 2016 — Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos... • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 3%CPEs: 29EXPL: 0CVE-2016-4150 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4150
16 Jun 2016 — Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos... • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 56%CPEs: 24EXPL: 0CVE-2016-5118 – ImageMagick: Remote code execution via filename
https://notcve.org/view.php?id=CVE-2016-5118
30 May 2016 — The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. La función OpenBlob en blob.c en GraphicsMagick en versiones anteriores a 1.3.24 y ImageMagick permite a atacantes remotos ejecutar código arbitrario a través del caractér | (tubería) en el inicio del nombre de archivo. It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processe... • http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 89%CPEs: 84EXPL: 2CVE-2016-3715 – ImageMagick Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2016-3715
05 May 2016 — The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. El codificador EPHEMERAL en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permite a atacantes remotos eliminar archivos arbitrarios a través de una imagen manipulada. It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted... • https://www.exploit-db.com/exploits/39767 • CWE-20: Improper Input Validation CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.5EPSS: 90%CPEs: 84EXPL: 1CVE-2016-3718 – ImageMagick Server-Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2016-3718
05 May 2016 — The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. Los codificadores (1) HTTP y (2) FTP en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permiten a atacantes remotos llevar a cabo ataques de falsificación de peticiones del lado del servidor (SSRF) a través de una imagen manipulada. A server-side request forgery flaw was discovered in th... • https://www.exploit-db.com/exploits/39767 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0CVE-2016-3951 – Ubuntu Security Notice USN-3002-1
https://notcve.org/view.php?id=CVE-2016-3951
02 May 2016 — Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. Vulnerabilidad de liberación de memoria doble en drivers/net/usb/cdc_ncm.c en el kernel de Linux en versiones anteriores a 4.5 permite a atacantes físicamente próximos provocar una denegación de servicio (caída de sistema) o posiblemente tener ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-8845 – kernel: incorrect restoration of machine specific registers from userspace
https://notcve.org/view.php?id=CVE-2015-8845
27 Apr 2016 — The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. La función tm_reclaim_thread en arch/powerpc/kernel/process.c en el Kernel de Linux en versiones anteriores a 4.4.1 sobre plataformas powerpc no asegura que exista el modo TM suspend antes de ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7f821fc9c77a9b01fe7b1d6e72717b33d8d64142 • CWE-284: Improper Access Control CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 4.7EPSS: 0%CPEs: 42EXPL: 0CVE-2016-0642 – mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU April 2016)
https://notcve.org/view.php?id=CVE-2016-0642
21 Apr 2016 — Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. Vulnerabilidad no especificada en Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores permite a usuarios locales afectar a la integridad y disponibilidad a través de vectores relacionados con Federated. MariaDB is a multi-user, multi-threaded SQL database server.... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html •