CVE-2016-7949
https://notcve.org/view.php?id=CVE-2016-7949
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.
• http://www.openwall.com/lists/oss-security/2016/10/04/2
• http://www.openwall.com/lists/oss-security/2016/10/04/4
• http://www.securityfocus.com/bid/93366
• http://www.securitytracker.com/id/1036945
• https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WCKZFMZ76APAVMIRCUKKHEB4GAS7ZUP
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message
• CWE-20: Improper Input Validation
• CWE-787: Out-of-bounds Write
CVE-2016-5407
https://notcve.org/view.php?id=CVE-2016-5407
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.
• http://www.openwall.com/lists/oss-security/2016/10/04/2
• http://www.openwall.com/lists/oss-security/2016/10/04/4
• http://www.securityfocus.com/bid/93368
• http://www.securitytracker.com/id/1036945
• https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3IA7BLB4C3JOYVU6UASGUJQJKUF6TO7E
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AE2
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-125: Out-of-bounds Read
CVE-2016-7946
https://notcve.org/view.php?id=CVE-2016-7946
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.
• http://www.openwall.com/lists/oss-security/2016/10/04/2
• http://www.openwall.com/lists/oss-security/2016/10/04/4
• http://www.securityfocus.com/bid/93374
• http://www.securitytracker.com/id/1036945
• https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3NTWIWSQ575GREBVAOUQUIMDL5CDVGP
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVT
• CWE-284: Improper Access Control
CVE-2016-5195 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.
• https://github.com/dirtycow/dirtycow.github.io
• https://www.exploit-db.com/exploits/40611
• https://www.exploit-db.com/exploits/40838
• https://www.exploit-db.com/exploits/40616
• https://www.exploit-db.com/exploits/40839
• https://www.exploit-db.com/exploits/40847
• https://github.com/timwr/CVE-2016-5195
• https://github.com/gbonacini/CVE-2016-5195
• https://github.com/whu-enjoy/CVE-2016-5195
• https://github.com/jas502n/CVE-2016-5195
• https://github.com/arttnba3/CVE-2016-
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2016-6323
https://notcve.org/view.php?id=CVE-2016-6323
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.
• http://lists.opensuse.org/opensuse-updates/2016-10/msg00009.html
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• http://www.openwall.com/lists/oss-security/2016/08/18/12
• http://www.securityfocus.com/bid/92532
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTXSOVCRDGBIB4WCIDAGYYUBESXZ4IGK
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LVWSAZVBTLALXF4SCBPDV3FY6J22DXLZ
• https://lists.fedoraproject.org/archives/list/pac
• CWE-284: Improper Access Control