Page 7 of 70 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-9108

https://notcve.org/view.php?id=CVE-2016-9108

Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. Desbordamiento de entero en la función js_regcomp en regexp.c en Artifex Software, Inc. MuJS en versiones anteriores a commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e permite a atacantes provocar una denegación de servicio (caída de la aplicación) a través de una expresión regular manipulada. • http://www.openwall.com/lists/oss-security/2016/10/30/12 http://www.securityfocus.com/bid/96006 https://bugzilla.redhat.com/show_bug.cgi?id=1390266 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IMPCTUBV2UUTSKAGVAW3EL6HJJWHRZQZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMI77FMFDWOTUUKKPTQLIB7JEXFTING4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4FE2LXVJM5PXHUGSFOT2KTA75O5ACV4 • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2016-8569

https://notcve.org/view.php?id=CVE-2016-8569

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. La función git_oid_nfmt en commit.c en libgit2 en versiones anteriores a 0.24.3 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de un comando cat-file con un archivo de objeto manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html http://www.openwall.com/lists/oss-security/2016/10/08/7 http://www.securityfocus.com/bid/93465 https://bugzilla.redhat.com/show_bug.cgi?id=1383211 https://github.com/libgit2/libgit2/issues/3937 https://github.com/libgit2 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 1

CVE-2017-5330

https://notcve.org/view.php?id=CVE-2017-5330

ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. ark en versiones anteriores a 16.12.1 podrían permitir a atacantes remotos ejecutar código arbitrario a través de un ejecutable en un archivo, relacionado con las aplicaciones asociadas. • http://www.openwall.com/lists/oss-security/2017/01/10/2 http://www.securityfocus.com/bid/95349 https://bugs.kde.org/show_bug.cgi?id=374572 https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NIMZUCG6IQR5S65IVQOXQFQV7TMVSYAT https://security.gentoo.org/glsa/201701-69 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-9085

https://notcve.org/view.php?id=CVE-2016-9085

Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. Múltiples desbordamientos de entero en libwebp permiten a atacantes tener un impacto no especificado a través de vectores desconocidos. • http://www.openwall.com/lists/oss-security/2016/10/27/3 http://www.securityfocus.com/bid/93928 https://bugzilla.redhat.com/show_bug.cgi?id=1389338 https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LG5Q42J7EJDKQKWTTHCO4YZMOMP74YPQ https://lists.fedoraproject.org/archives/list/pac • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 94%CPEs: 3EXPL: 2

CVE-2016-9299 – Jenkins CLI - HTTP Java Deserialization

https://notcve.org/view.php?id=CVE-2016-9299

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. El módulo remoting en Jenkins en versiones anteriores a 2.32 y LTS en versiones anteriores a 2.19.3 permite a atacantes remotos ejecutar código arbitrario a través de un objeto Java serializado, lo que desencadena una consulta LDAP a un servidor de terceros. • https://www.exploit-db.com/exploits/44642 https://github.com/r00t4dm/Jenkins-CVE-2016-9299 http://www.openwall.com/lists/oss-security/2016/11/12/4 http://www.openwall.com/lists/oss-security/2016/11/14/9 http://www.securityfocus.com/bid/94281 http://www.slideshare.net/codewhitesec/java-deserialization-vulnerabilities-the-forgotten-bug-class-deepsec-edition https://groups.google.com/forum/#%21original/jenkinsci-advisories/-fc-w9tNEJE/GRvEzWoJBgAJ https://groups.google.com/forum/# • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •