CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-5178 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-5178
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 53.0.2785.143 permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html http://lists.opensuse.org/opensuse-updates/2016-10/msg00001.html http://rhn.redhat.com/errata/RHSA-2016-2007.html http://www.debian.org/security/2016/dsa-3683 http://www.securityfocus.com/bid/93238 http://www.securitytracker.com/id/1036970 https://bugs.chromium.org/p/chromium/issues/detail?id=645028 https://bugs.chromium.org/p/chromium/issues/detail?id=651092 https://bugzilla.redhat.com/show_bug.cgi?id=1380632 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2016-5177 – chromium-browser: use after free in v8
https://notcve.org/view.php?id=CVE-2016-5177
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de linberación en V8 en Google Chrome anterior a la versión 53.0.2785.143, permite a atacantes remotos provocar una denegación de servicio (bloqueo) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html http://lists.opensuse.org/opensuse-updates/2016-10/msg00001.html http://rhn.redhat.com/errata/RHSA-2016-2007.html http://www.debian.org/security/2016/dsa-3683 http://www.securityfocus.com/bid/93238 http://www.securitytracker.com/id/1036970 https://bugzilla.redhat.com/show_bug.cgi?id=1380631 https://chromereleases.googleblog.com/2016/09/stable-channel-update-for-desktop_29.html https://lists.fedoraproject.org/archives/ • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6153
https://notcve.org/view.php?id=CVE-2016-6153
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. os_unix.c en SQLite en versiones anteriores a 3.13.0 no implementa correctamente el algoritmo de búsqueda de directorio temporal, lo que podría permitir a usuarios locales obtener información sensible, provocar una denegación de servicio (caída de aplicación) o tener otro impacto no especificado aprovechando el uso de directorio de trabajo actual para archivos temporales. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html http://www.openwall.com/lists/oss-security/2016/07/01/1 http://www.openwall.com/lists/oss-security/2016/07/01/2 http://www.securityfocus.com/bid/91546 http://www.sqlite.org/cgi/src/info/67985761aa93fb61 https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ https://lists.fedoraproject.org&# • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 22EXPL: 1CVE-2016-7163 – openjpeg: Integer overflow in opj_pi_create_decode
https://notcve.org/view.php?id=CVE-2016-7163
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. Desbordamiento de entero en la función opj_pi_create_decode en pi.c en OpenJPEG permite a atacantes remotos ejecutar código arbitrario a través de un archivo JP2 manipulado, lo que desencadena una lectura o escritura fuera de límites. An integer overflow, leading to a heap buffer overflow, was found in OpenJPEG. An attacker could create a crafted JPEG2000 image that, when loaded by an application using openjpeg, could lead to a crash or, potentially, code execution. • http://rhn.redhat.com/errata/RHSA-2017-0559.html http://rhn.redhat.com/errata/RHSA-2017-0838.html http://www.debian.org/security/2016/dsa-3665 http://www.openwall.com/lists/oss-security/2016/09/08/3 http://www.openwall.com/lists/oss-security/2016/09/08/6 http://www.securityfocus.com/bid/92897 https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4 https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24 https://github.com/uclouvain&# • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2016-7167 – curl: escape and unescape integer overflows
https://notcve.org/view.php?id=CVE-2016-7167
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en las funciones (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape y (4) curl_easy_unescape en libcurl en versiones anteriores a 7.50.3 permiten a atacantes tener impacto no especificado a través de una cadena de longitud 0xffffffff, lo que desencadena un desbordamiento de búfer basado en memoria dinámica. Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/92975 http://www.securitytracker.com/id/1036813 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.538632 https://access.redhat.com/errata/RHSA-2017:2016 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://curl.haxx.se/docs/adv_20160914.html https://lists.debian.org/debian-lts-announ • CWE-190: Integer Overflow or Wraparound •