CVSS: 5.5EPSS: 93%CPEs: 84EXPL: 1CVE-2016-3718 – ImageMagick Server-Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2016-3718
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. Los codificadores (1) HTTP y (2) FTP en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permiten a atacantes remotos llevar a cabo ataques de falsificación de peticiones del lado del servidor (SSRF) a través de una imagen manipulada. A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image. • https://www.exploit-db.com/exploits/39767 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html http&# • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 125EXPL: 0CVE-2016-2518 – ntp: out-of-bounds references on crafted packet
https://notcve.org/view.php?id=CVE-2016-2518
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. La función MATCH_ASSOC en NTP en versiones anteriores 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.92 permite a atacantes remotos provocar una referencia fuera de los límites a través de una solicitud addpeer con un valor hmode grande. An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016& • CWE-125: Out-of-bounds Read •
CVSS: 5.1EPSS: 0%CPEs: 146EXPL: 0CVE-2016-4053 – squid: multiple issues in ESI processing
https://notcve.org/view.php?id=CVE-2016-4053
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. Squid 3.x en versiones anteriores a 3.5.17 y 4.x en versiones anteriores a 4.0.9 permite a atacantes remotos obtener información sensible sobre la estructura de pila a través de respuestas Edge Side Includes (ESI) manipuladas, relacionado con el uso incorrecto de assert y optimización del compilador. Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html http://www.debian.org/security/2016/dsa-3625 http://www.openwall.com/lists/oss-security/2016/04/20/6 http://www.openwall.com/lists/oss-security/2016/04/20/9 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/t • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 21%CPEs: 146EXPL: 0CVE-2016-4054 – squid: multiple issues in ESI processing
https://notcve.org/view.php?id=CVE-2016-4054
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. Desbordamiento de buffer en Squid 3.x en versiones anteriores a 3.5.17 y 4.x en versiones anteriores a 4.0.9 permite a atacantes remotos ejecutar código arbitrario a través de respuestas Edge Side Includes (ESI) manipuladas. Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html http://www.debian.org/security/2016/dsa-3625 http://www.openwall.com/lists/oss-security/2016/04/20/6 http://www.openwall.com/lists/oss-security/2016/04/20/9 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bi • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 154EXPL: 0CVE-2016-4051 – squid: buffer overflow in cachemgr.cgi
https://notcve.org/view.php?id=CVE-2016-4051
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. Desbordamiento de buffer en cachemgr.cgi en Squid 2.x, 3.x en versiones anteriores a 3.5.17 y 4.x en versiones anteriores a 4.0.9 podría permitir a atacantes remotos provocar una denegación de servicio o ejecutar código arbitrario sembrando informes manager con datos manipulados. A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html http://www.debian.org/security/2016/dsa-3625 http://www.openwall.com/lists/oss-security/2016/04/20/6 http://www.openwall.com/lists/oss-security/2016/04/20/9 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/t • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •