CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2016-6233
https://notcve.org/view.php?id=CVE-2016-6233
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. Los métodos (1) order y (2) group en Zend_Db_Select en la Zend Framework en versiones anteriores a 1.12.19 podrían permitir a atacantes remotos llevar a cabo ataques de inyección SQL a través de vectores relacionados con el uso del patrón de caracteres [\w]* en una expresión regular. • http://www.securityfocus.com/bid/91802 https://framework.zend.com/security/advisory/ZF2016-02 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT https://security.gentoo.org/glsa/201804-10 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 2CVE-2016-4861
https://notcve.org/view.php?id=CVE-2016-4861
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. Los métodos (1) order y (2) group en Zend_Db_Select en la Zend Framework en versiones anteriores a 1.12.20 podrían permitir a atacantes remotos llevar a cabo ataques de inyección SQL aprovechando el fallo para borrar comentarios de una sentencia SQL antes de la validación. • https://github.com/KosukeShimofuji/CVE-2016-4861 http://jvn.jp/en/jp/JVN18926672/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158 https://framework.zend.com/security/advisory/ZF2016-03 https://lists.debian.org/debian-lts-announce/2018/06/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU https:/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6866
https://notcve.org/view.php?id=CVE-2016-6866
slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. slock permite a atacantes eludir el bloqueo de pantalla a través de vectores que involucran un hash de contraseña inválido, lo que desencadena una referencia a puntero NULL y caída. • http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29 http://s1m0n.dft-labs.eu/files/slock/slock.txt http://www.openwall.com/lists/oss-security/2016/08/18/22 http://www.openwall.com/lists/oss-security/2016/08/18/24 http://www.securityfocus.com/bid/92546 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FYPV6QQPPYBL3Z2BYNYEJB67FSC55OR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZPEJQN • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 1CVE-2013-7459
https://notcve.org/view.php?id=CVE-2013-7459
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. Desbordamiento de búfer basado en memoria dinámica en la función ALGnew en block_templace.c en Python Cryptography Toolkit (también conocido como pycrypto) permite a atacantes remotos ejecutar código arbitrario como se demuestra por un parámetro iv manipulado para cryptmsg.py. • http://www.openwall.com/lists/oss-security/2016/12/27/8 http://www.securityfocus.com/bid/95122 https://bugzilla.redhat.com/show_bug.cgi?id=1409754 https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 https://github.com/dlitz/pycrypto/issues/176 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-4796
https://notcve.org/view.php?id=CVE-2016-4796
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. Desbordamiento de búfer basado en memoria dinámica en el color_cmyk_to_rgb en common/color.c en OpenJPEG en versiones anteriores a 2.1.1 permite a atacantes remotos ocasionar una denegación de servicio (caída) a través de un archivo .j2k manipulado. • http://www.openwall.com/lists/oss-security/2016/05/13/2 https://bugzilla.redhat.com/show_bug.cgi?id=1335482 https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91 https://github.com/uclouvain/openjpeg/issues/774 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH https://lists.fedoraproject.org/archives/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •