CVE-2019-7317 – libpng: use-after-free in png_image_free in png.c
https://notcve.org/view.php?id=CVE-2019-7317
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html
• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html
• http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
• http://www.securityfocus.com/bid/108098
• https:/
• CWE-400: Uncontrolled Resource Consumption
• CWE-416: Use After Free
CVE-2016-1894
https://notcve.org/view.php?id=CVE-2016-1894
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors.
• https://kb.netapp.com/support/s/article/cve-2016-1894-authentication-bypass-vulnerability-in-oncommand-workflow-automation
• https://security.netapp.com/advisory/ntap-20160310-0001
• CWE-284: Improper Access Control
CVE-2015-3292 – Java - Debug Wire Protocol Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-3292
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
• https://www.exploit-db.com/exploits/33789
• http://www.securityfocus.com/bid/74891
• https://kb.netapp.com/support/index?page=content&id=9010037
• CWE-17: DEPRECATED: Code