CVSS: 7.5 | EPSS: 9% | CPEs: 6 | EXPL: 0

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.

An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.

• http://advisories.mageia.org/MGASA-2015-0038.html
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00014.html
• http://rhn.redhat.com/errata/RHSA-2015-0074.html
• http://rhn.redhat.com/errata/RHSA-2015-0698.html
• http://secunia.com/advisories/62583
• http://secunia.com/advisories/62615
• http://secunia.com/advisories/62619
• http://secunia.com/advisories/62765
• http://www.debian.org/security/2015/dsa-3138
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:034
• CWE-122: Heap-based Buffer Overflow
• CWE-189: Numeric Errors

CVSS: 2.1 | EPSS: 0% | CPEs: 62 | EXPL: 0

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.

• http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
• http://secunia.com/advisories/62694
• http://www.debian.org/security/2015/dsa-3143
• http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
• http://www.securityfocus.com/bid/72194
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100182
• https://security.gentoo.org/glsa/201612-27

CVSS: 3.2 | EPSS: 0% | CPEs: 3 | EXPL: 0

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595.

• http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
• http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
• http://www.securityfocus.com/bid/72216
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100181
• https://security.gentoo.org/glsa/201612-27

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 1

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

• http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html
• http://seclists.org/oss-sec/2015/q1/173
• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
• http://www.securityfocus.com/bid/72074
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
• https://bugzilla.redhat.com/show_bug.cgi?id=1182154
• https://exchange.xforce.ibmcloud.com/vulnerabilities/99967
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 4.4 | EPSS: 0% | CPEs: 62 | EXPL: 0

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418.

• http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
• http://secunia.com/advisories/62694
• http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf
• http://www.debian.org/security/2015/dsa-3143
• http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
• http://www.securityfocus.com/bid/72219
• https://exchange.xforce.ibmcloud.com/vulnerabilities/100176
• https://security.gentoo.org/glsa/201612-27