CVE-2016-0729 – xerces-c: parser crashes on malformed input
https://notcve.org/view.php?id=CVE-2016-0729
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.
It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application.
References:
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182062.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182131.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182597.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00086.html
http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html
http://packetstormsecurity.com/files/135949/Apache-Xerces-C-XML-Parser-Buffe
CWE: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2015-3146
https://notcve.org/view.php?id=CVE-2015-3146
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
References:
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.html
http://www.debian.org/security/2016/dsa-3488
http://www.ubuntu.com/usn/USN-2912-1
https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f
https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release
https://www.libssh.org/security/advisories/CVE-2015-3146.txt
CVE-2015-7977 – ntp: restriction list NULL pointer dereference
https://notcve.org/view.php?id=CVE-2015-7977
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via an ntpdc reslist command.
A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large number of entries. A remote attacker could potentially use this flaw to crash ntpd.
References:
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
http://lists.opensuse.org/opensuse-security-announce
CWE: CWE-476: NULL Pointer Dereference
CVE-2016-0739 – libssh: bits/bytes confusion resulting in truncated Diffie-Hellman secret length
https://notcve.org/view.php?id=CVE-2016-0739
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.
References:
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178058.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178822.html
http://lists.opensuse.org/opensuse-updates/2016-03/msg00111.html
http://rhn.redhat.com/errata/RHSA-2016-0566.html
http://www.debian.org/security/2016/dsa-3488
http://www.ubuntu.com/usn/USN-2912-1
https://puppet.com/security/cve/CVE-2016-0739
https://security.gentoo.org/glsa/201606-12
https://www.libssh.org/2016/
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-704: Incorrect Type Conversion or Cast
CVE-2016-2316
https://notcve.org/view.php?id=CVE-2016-2316
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.
References:
http://downloads.asterisk.org/pub/security/AST-2016-002.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html
http://www.debian.org/security/2016/dsa-3700
http://www.securityfocus.com/bid/82651
http://www.securitytracker.com/id/1034930
CWE: CWE-191: Integer Underflow (Wrap or Wraparound)