CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3674 – XStream: enabled processing of external entities
https://notcve.org/view.php?id=CVE-2016-3674
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. Múltiples vulnerabilidades de entidad externa (XXE) en (1) Dom4JDriver, (2) DomDriver, (3) JDom Driver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver y (7) WstxDriver drivers en XStream en versiones anteriores a 1.4.9 permiten a atacantes remotos leer archivos arbitrarios a través de un documento XML manipulado. It was found that several XML parsers used by XStream had default settings that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183180.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183208.html http://rhn.redhat.com/errata/RHSA-2016-2822.html http://rhn.redhat.com/errata/RHSA-2016-2823.html http://www.debian.org/security/2016/dsa-3575 http://www.openwall.com/lists/oss-security/2016/03/25/8 http://www.openwall.com/lists/oss-security/2016/03/28/1 http://www.securityfocus.com/bid/85381 http://www.se • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.6EPSS: 3%CPEs: 11EXPL: 0CVE-2016-4001
https://notcve.org/view.php?id=CVE-2016-4001
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. Desbordamiento de buffer en la función stellaris_enet_receive en hw/net/stellaris_enet.c en QEMU, cuando el controlador ethernet Stellaris está configurado para aceptar paquetes grandes, permite a atacantes remotos provocar una denegación de servicio (caída de QEMU) a través de un paquete grande. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3a15cc0e1ee7168db0782133d2607a6bfa422d66 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html http://www.openwall.com/lists/oss-security/2016/04/11/4 http://www.openwall.com/lists/oss-security/2016/04/12/6 http://www.securityfocus.com/bid/85976 http://www.ubun • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.0EPSS: 0%CPEs: 12EXPL: 0CVE-2016-4037
https://notcve.org/view.php?id=CVE-2016-4037
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. La función ehci_advance_state en hw/usb/hcd-ehci.c en QEMU permite a administradores de SO locales invitados provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una lista siTD (de descriptor de transferencia isócrona dividida) circular, problema relacionado con CVE-2015-8558. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html http://www.openwall.com/lists/oss-security/2016/04/18/3 http://www.openwall.com/lists/oss-security/2016/04/18/6 http://www.securityfocus.com/bid/86283 http://www.ubun • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 23%CPEs: 9EXPL: 0CVE-2016-4008
https://notcve.org/view.php?id=CVE-2016-4008
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. La función _asn1_extract_der_octet en lib/decoding.c en GNU Libtasn1 en versiones anteriores a 4.8, cuando se utiliza sin el indicador ASN1_DECODE_FLAG_STRICT_DER, permite a atacantes remotos provocar una denegación de servicio (recursión infinita) a través de un certificado manipulado. • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=f435825c0f527a8e52e6ffbc3ad0bc60531d537e http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html http:/ • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 3%CPEs: 6EXPL: 0CVE-2015-8868 – poppler: heap buffer overflow in ExponentialFunction
https://notcve.org/view.php?id=CVE-2015-8868
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. Desbordamiento de buffer basado en memoria dinámica en la función ExponentialFunction::ExponentialFunction en Poppler en versiones anteriores a 0.40.0 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída) o posiblemente ejecutar código arbitrario a través de un modo blend no válido en el diccionario ExtGState en un documento PDF manipulado. A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183107.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183142.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00068.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00077.html http://rhn.redhat.com/errata/RHSA-2016-2580.html http://www.debian.org/security/2016/dsa-3563 http://www.openwall.com/lists/oss-security/2016/04/12/1 http://www.securityfocus.com/bid/89324 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •