CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2014-9745 – Debian Security Advisory 3370-1
https://notcve.org/view.php?id=CVE-2014-9745
14 Sep 2015 — The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage. Vulnerabilidad en la función parse_encoding en type1/t1load.c en FreeType en versiones anteriores a 2.5.3, permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un 'broken number-with-base' en un stream Postscript, según lo demostrado por 8#garbage.... • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6818 – Ubuntu Security Notice USN-2944-1
https://notcve.org/view.php?id=CVE-2015-6818
06 Sep 2015 — The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. Vulnerabilidad en la función decode_ihdr_chunk en libavcodec/pngdec.c en FFmpeg en versiones anteriores a 2.7.2, no impone la singularidad del fragmento IHDR (también con... • http://ffmpeg.org/security.html • CWE-17: DEPRECATED: Code •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6820 – Ubuntu Security Notice USN-2944-1
https://notcve.org/view.php?id=CVE-2015-6820
06 Sep 2015 — The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data. Vulnerabilidad en la función ff_sbr_apply en libavcodec/aacsbr.c en FFmpeg en versiones anteriores a 2.7.2, no verifica la coincidencia de un elemento de sintaxis con mar... • http://ffmpeg.org/security.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6824 – Ubuntu Security Notice USN-2944-1
https://notcve.org/view.php?id=CVE-2015-6824
06 Sep 2015 — The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data. Vulnerabilidad en la función sws_init_context en libswscale/utils.c en FFmpeg en versiones anteriores a 2.7.2, no inicializa ciertas estructuras de datos pixbuf, lo que permite a atacantes remotos causar una denegación de servicio (vio... • http://ffmpeg.org/security.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-6826 – Ubuntu Security Notice USN-2944-1
https://notcve.org/view.php?id=CVE-2015-6826
06 Sep 2015 — The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data. Vulnerabilidad en la función ff_rv34_decode_init_thread_copy en libavcodec/rv34.c en FFmpeg en versiones anteriores a 2.7.2, no inicializa ciertos miembros de estructura, lo que permite a atacantes rem... • http://ffmpeg.org/security.html • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-5200 – Ubuntu Security Notice USN-2729-1
https://notcve.org/view.php?id=CVE-2015-5200
03 Sep 2015 — The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors. Vulnerabilidad en la funcionalidad de rastreo en libvdpau en versiones anteriores a 1.1.1, cuando se usa como una aplicación setuid o setgid, permite a usuarios locales escribir archivos arbitrarios a través de vectores no especificados. Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not pro... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-5199 – Ubuntu Security Notice USN-2729-1
https://notcve.org/view.php?id=CVE-2015-5199
03 Sep 2015 — Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable. Vulnerabilidad de salto de directorio en dlopen en libvdpau en versiones anteriores a 1.1.1, permite a usuarios locales obtener privilegios a través de la variable de entorno VDPAU_DRIVER. Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-5198 – Ubuntu Security Notice USN-2729-1
https://notcve.org/view.php?id=CVE-2015-5198
03 Sep 2015 — libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable. Vulnerabilidad en libvdpau en versiones anteriores a 1.1.1, cuando se usa como una aplicación setuid o setgid, permite a usuarios locales obtener privilegios a través de vectores no especificados, relacionado con la variable de entorno VDPAU_DRIVER_PATH. Florian Weimer of Red Hat Product Security discovered that libvdpau, th... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 46%CPEs: 5EXPL: 0CVE-2012-4428 – Gentoo Linux Security Advisory 201707-05
https://notcve.org/view.php?id=CVE-2012-4428
03 Sep 2015 — openslp: SLPIntersectStringList()' Function has a DoS vulnerability openslp: La función SLPIntersectStringList()' presenta una vulnerabilidad de DoS Georgi Geshev discovered that OpenSLP incorrectly handled processing certain service requests. A remote attacker could possibly use this issue to cause OpenSLP to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Qinghao Tang discovered that OpenSLP incorrectly handled processing certain messages. A remote ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 8%CPEs: 43EXPL: 0CVE-2015-5963 – python-django: Denial-of-service possibility in logout() view by filling session store
https://notcve.org/view.php?id=CVE-2015-5963
18 Aug 2015 — contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. Vulnerabilidad en contrib.sessions.middleware.SessionMiddleware en Django 1.8.x en versiones anteriores a 1.8.4, 1.7.x en versiones anteriores... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •