CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-8568
https://notcve.org/view.php?id=CVE-2016-8568
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. La función git_commit_message en oid.c en libgit2 en versiones anteriores a 0.24.3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un comando cat-file con un archivo de objeto manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html http://www.openwall.com/lists/oss-security/2016/10/08/7 http://www.securityfocus.com/bid/93466 https://bugzilla.redhat.com/show_bug.cgi?id=1383211 https://github.com/libgit2/libgit2/issues/3936 https://github.com/libgit2 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-8569
https://notcve.org/view.php?id=CVE-2016-8569
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. La función git_oid_nfmt en commit.c en libgit2 en versiones anteriores a 0.24.3 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de un comando cat-file con un archivo de objeto manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html http://www.openwall.com/lists/oss-security/2016/10/08/7 http://www.securityfocus.com/bid/93465 https://bugzilla.redhat.com/show_bug.cgi?id=1383211 https://github.com/libgit2/libgit2/issues/3937 https://github.com/libgit2 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 1CVE-2017-5330
https://notcve.org/view.php?id=CVE-2017-5330
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. ark en versiones anteriores a 16.12.1 podrían permitir a atacantes remotos ejecutar código arbitrario a través de un ejecutable en un archivo, relacionado con las aplicaciones asociadas. • http://www.openwall.com/lists/oss-security/2017/01/10/2 http://www.securityfocus.com/bid/95349 https://bugs.kde.org/show_bug.cgi?id=374572 https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NIMZUCG6IQR5S65IVQOXQFQV7TMVSYAT https://security.gentoo.org/glsa/201701-69 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-9085
https://notcve.org/view.php?id=CVE-2016-9085
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. Múltiples desbordamientos de entero en libwebp permiten a atacantes tener un impacto no especificado a través de vectores desconocidos. • http://www.openwall.com/lists/oss-security/2016/10/27/3 http://www.securityfocus.com/bid/93928 https://bugzilla.redhat.com/show_bug.cgi?id=1389338 https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LG5Q42J7EJDKQKWTTHCO4YZMOMP74YPQ https://lists.fedoraproject.org/archives/list/pac • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2016-10027
https://notcve.org/view.php?id=CVE-2016-10027
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response. Condición de carrera en la librería XMPP en Smack en versiones anteriores a 4.1.9, cuando se ha establecido la configuración TLS SecurityMode.required, permite a atacantes man-in-the-middle eludir las protecciones TLS y desencadenar el uso de texto plano para la autenticación del cliente eliminando la función "starttls" de una respuesta del servidor. • http://www.openwall.com/lists/oss-security/2016/12/22/12 http://www.securityfocus.com/bid/95129 https://community.igniterealtime.org/blogs/ignite/2016/11/22/smack-security-advisory-2016-11-22 https://github.com/igniterealtime/Smack/commit/059ee99ba0d5ff7758829acf5a9aeede09ec820b https://github.com/igniterealtime/Smack/commit/a9d5cd4a611f47123f9561bc5a81a4555fe7cb04 https://issues.igniterealtime.org/projects/SMACK/issues/SMACK-739 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •