CVSS: 8.8EPSS: 24%CPEs: 62EXPL: 2CVE-2016-5766 – gd: Integer overflow in _gd2GetHeader() resulting in heap overflow
https://notcve.org/view.php?id=CVE-2016-5766
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. Desbordamiento de entero en la función _gd2GetHeader en gd_gd2.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.3, como se utiliza en PHP en versiones anteriores a 5.5.37, 5.6.x en versiones anteriores a 5.6.23 y 7.x en versiones anteriores a 7.0.8, permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de aplicación) o posiblemente tener otro impacto no especificado a través de dimensiones del pedazo en una imagen manipulada. An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image. • http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1 http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2598.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/securit • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7538 – jenkins: CSRF protection ineffective (SECURITY-233)
https://notcve.org/view.php?id=CVE-2015-7538
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors. Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos eludir el mecanismo de protección CSRF a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-0489.html https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09 https://access.redhat.com/security/cve/CVE-2015-7538 https://bugzilla.redhat.com/show_bug.cgi?id=1291797 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7539 – jenkins: Jenkins plugin manager vulnerable to MITM attacks (SECURITY-234)
https://notcve.org/view.php?id=CVE-2015-7539
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin. The Plugins Manager in Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 no verifica sumas de comprobación para archivos de plugin referenciados en datos del sitio de actualización, lo que facilita a atacantes man-in-the-middle ejecutar código arbitrario a través de un plugin manipulado. • http://rhn.redhat.com/errata/RHSA-2016-0489.html https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09 https://access.redhat.com/security/cve/CVE-2015-7539 https://bugzilla.redhat.com/show_bug.cgi?id=1291798 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7537 – jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)
https://notcve.org/view.php?id=CVE-2015-7537
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method. Vulnerabilidad de CSRF en Jenkins en versiones anteriores a 1.640 y LTS en versiones anteriores a 1.625.2 permite a atacantes remotos secuestrar la autenticación de los administradores en peticiones que tienen un impacto no especificado a través de vectores relacionados con el método HTTP GET. • http://rhn.redhat.com/errata/RHSA-2016-0489.html https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09 https://access.redhat.com/security/cve/CVE-2015-7537 https://bugzilla.redhat.com/show_bug.cgi?id=1291795 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 3%CPEs: 27EXPL: 1CVE-2015-5254 – ObjectMessage: unsafe deserialization
https://notcve.org/view.php?id=CVE-2015-5254
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. Apache ActiveMQ 5.x en versiones anteriores a 5.13.0 no restringe las clases que pueden ser serializadas en el broker, lo que permite a atacantes remotos ejecutar código arbitrario a través de un objeto ObjectMessage Java Message Service (JMS) serializado manipulado. It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage. • https://github.com/jas502n/CVE-2015-5254 http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html http://rhn.redhat.com/errata/RHSA-2016-0489.html http://rhn.redhat.com/errata/RHSA-2016-2035.html http://rhn.redhat.com/errata/RHSA-2016-2036.html http://www.debian.org/security/2016/dsa-3524 http:&# • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •