CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2015-8948 – Ubuntu Security Notice USN-3068-1
https://notcve.org/view.php?id=CVE-2015-8948
24 Aug 2016 — idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. idn en GNU libidn en versiones anteriores a 1.33 podría permitir a atacantes remotos obtener información de memoria sensible mediante la lectura de un byte cero como entrada, lo que desencadena una lectura fuera de rango. Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled i... • http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 5EXPL: 0CVE-2016-6261 – Ubuntu Security Notice USN-3068-1
https://notcve.org/view.php?id=CVE-2016-6261
24 Aug 2016 — The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. La función idna_to_ascii_4i en lib/idna.c en libidn en versiones anteriores a 1.33 permite a atacantes dependientes del contexto provocar una denegación de servicio (lectura fuera de límites y caída) a través de 64 bytes de entrada. Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Li... • http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2016-6262 – Ubuntu Security Notice USN-3068-1
https://notcve.org/view.php?id=CVE-2016-6262
24 Aug 2016 — idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. idn en libidn en versiones anteriores a 1.33 podría permitir a atacantes remotos obtener información de memoria sensible mediante la lectura de un byte cero como entrada, lo que desencadena una lectura fuera de límites, una vulnerabilidad diferente a CVE-2015-8948. Thijs Alkemade, Gustavo Grieco, Dan... • http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 29EXPL: 3CVE-2016-6855 – Eye of Gnome 3.10.2 - GMarkup Out of Bounds Write
https://notcve.org/view.php?id=CVE-2016-6855
23 Aug 2016 — Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. Eye of GNOME (también conocido como eog) 3.16.5, 3.17.x, 3.18.x en versiones anteriores a 3.18.3, 3.19.x y 3.20.x en versiones anteriores a 3.20.4, cuando es utilizado con glib en versiones anteriores a 2.44.1, permiten a atacantes remotos pr... • https://packetstorm.news/files/id/138486 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 3%CPEs: 15EXPL: 0CVE-2016-6313 – libgcrypt: PRNG output is predictable
https://notcve.org/view.php?id=CVE-2016-6313
18 Aug 2016 — The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. Las funciones de mezcla en el generador de números aleatorios en Libgcrypt en versiones anteriores a 1.5.6, 1.6.x en versiones anteriores a 1.6.6 y 1.7.x en versiones anteriores a 1.7.3 y GnuPG en versiones anteriores a 1.4.21 hacen más fácil para ataca... • http://rhn.redhat.com/errata/RHSA-2016-2674.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-5384 – fontconfig: Possible double free due to insufficiently validated cache files
https://notcve.org/view.php?id=CVE-2016-5384
08 Aug 2016 — fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. fontconfig en versiones anteriores a 2.12.1 no valida offsets, lo que permite a usuarios locales desencadenar llamadas gratis arbitrarias y consecuentemente llevar a cabo ataques gratuitos dobles y ejecutar código arbitrario a través de un archivo de caché manipulado. It was found that cache files were i... • http://rhn.redhat.com/errata/RHSA-2016-2601.html • CWE-20: Improper Input Validation CWE-415: Double Free •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4952 – Ubuntu Security Notice USN-3047-1
https://notcve.org/view.php?id=CVE-2016-4952
05 Aug 2016 — QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. QEMU (también conocido como Quick Emulator), cuando está construido con soporte de emulación bus VMWARE PVSCSI paravirtual SCSI, permite a administradores locales del SO invitado provocar una denegación de servicio (acc... • http://www.openwall.com/lists/oss-security/2016/05/23/1 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5105 – Ubuntu Security Notice USN-3047-1
https://notcve.org/view.php?id=CVE-2016-5105
05 Aug 2016 — The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command. La función megasas_dcmd_cfg_read en hw/scsi/megasas.c en QEMU, cuando está construido con el soporte de emulación MegaRAID SAS 8708EM2 Host Bus Adapter, utiliza una variable sin inicializar, lo que permite a adminis... • http://www.openwall.com/lists/oss-security/2016/05/25/5 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5106 – Ubuntu Security Notice USN-3047-1
https://notcve.org/view.php?id=CVE-2016-5106
05 Aug 2016 — The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command. La función megasas_dcmd_set_properties en hw/scsi/megasas.c en QEMU, cuando está construido con soporte de emulación MegaRAID SAS 8708EM2 Host Bus Adapter, permite a administradores locales invitados provocar ... • http://www.openwall.com/lists/oss-security/2016/05/25/6 • CWE-787: Out-of-bounds Write •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5107 – Ubuntu Security Notice USN-3047-1
https://notcve.org/view.php?id=CVE-2016-5107
05 Aug 2016 — The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. La función megasas_lookup_frame en QEMU, cuando está construido con soporte de emulación MegaRAID SAS 8708EM2 Host Bus Adapter, permite a administradores locales del SO invitado provocar una denegación de servicio (lectura fuera de límites y caída) a través de vectores no e... • http://www.openwall.com/lists/oss-security/2016/05/25/7 • CWE-125: Out-of-bounds Read •