CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 1CVE-2016-3981
https://notcve.org/view.php?id=CVE-2016-3981
Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file. Desbordamiento de buffer basado en memoria dinámica en la función bmp_read_rows en pngxrbmp.c en OptiPNG en versiones anteriores a 0.7.6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango o escritura de acceso y caída) o posiblemente ejecutar código arbitrario a través de un archivo de imagen manipulado. • http://bugs.fi/media/afl/optipng/1 http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html http://www.debian.org/security/2016/dsa-3546 http://www.ubuntu.com/usn/USN-2951-1 https://security.gentoo.org/glsa/201608-01 https://sourceforge.net/p/optipng/bugs/56 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-3982
https://notcve.org/view.php?id=CVE-2016-3982
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow. Error por un paso en la función bmp_rle4_fread en pngxrbmp.c en OptiPNG en versiones anteriores a 0.7.6 permite a atacantes remotos provocar una denegación de servicio (acceso a lectura o escritura fuera de rango y caída) o posiblemente ejecutar código arbitrario a través de un archivo de imagen manipulado, lo que desencadena un desbordamiento de buffer basado en memoria dinámica. • http://bugs.fi/media/afl/optipng/2 http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html http://www.debian.org/security/2016/dsa-3546 http://www.ubuntu.com/usn/USN-2951-1 https://security.gentoo.org/glsa/201608-01 https://sourceforge.net/p/optipng/bugs/57 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 11EXPL: 1CVE-2016-2118 – samba: SAMR and LSA man in the middle attacks
https://notcve.org/view.php?id=CVE-2016-2118
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK." Las implementaciones de protocolo MS-SAMR y MS-LSAD en Samba 3.x y 4.x en versiones anteriores a 4.2.11, 4.3.x en versiones anteriores a 4.3.8 y 4.4.x en versiones anteriores a 4.4.2 no maneja correctamente las conexiones DCERPC, lo que permite a atacantes man-in-the-middle llevar a cabo ataques de desactualización de protocolo y hacerse pasar por usuarios modificando el flujo de datos cliente-servidor, también conocida como "BADLOCK". A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. • https://github.com/nickanderson/cfengine-CVE-2016-2118 http://badlock.org http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182185.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182272.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182288.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00021.html http://lists.opensuse.org/opensuse-security- • CWE-254: 7PK - Security Features CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3157
https://notcve.org/view.php?id=CVE-2016-3157
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access. La función __switch_to en arch/x86/kernel/process_64.c en el kernel de Linux no sustituye correctamente el conmutador de contexto IOPL en invitados 64-bit PV Xen, lo que permite a usuarios locales del SO invitado obtener privilegios, provocar una denegación de servicio (caída del SO invitado), u obtener información sensible aprovechando el puerto de acceso I/O. • http://www.debian.org/security/2016/dsa-3607 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/84594 http://www.securitytracker.com/id/1035308 http://www.ubuntu.com/usn/USN-2968-1 http://www.ubuntu.com/usn/USN-2968-2 http://www.ubuntu.com/usn/USN-2969-1 http://www.ubuntu.com/usn/USN-2970-1 http://www.ubuntu.com/usn/USN-2971-1 http://www.ubuntu.com/usn/USN-2971-2 http://www.ubun • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.4EPSS: 0%CPEs: 35EXPL: 0CVE-2016-2857 – Qemu: net: out of bounds read in net_checksum_calculate()
https://notcve.org/view.php?id=CVE-2016-2857
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. La función net_checksum_calculate en net/checksum.c en QEMU permite a usuarios del SO invitado provocar una denegación de servicio (lectura de memoria dinámica fuera de rango y caída) a través de una longitud de la carga útil en un paquete manipulado. An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b http://rhn.redhat.com/errata/RHSA-2016-2670.html http://rhn.redhat.com/errata/RHSA-2016-2671.html http://rhn.redhat.com/errata/RHSA-2016-2704.html http://rhn.redhat.com/errata/RHSA-2016-2705.html http://rhn.redhat.com/errata/RHSA-2016-2706.html http://rhn.redhat.com/errata/RHSA-2017-0083.html http://rhn.redhat.com/errata/RHSA-2017-0309.html http://rhn.redhat.com/errata/RHSA- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •