CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2015-8928 – libarchive: Heap out of bounds read in mtree parser
https://notcve.org/view.php?id=CVE-2015-8928
14 Jul 2016 — The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. La función process_add_entry en archive_read_support_format_mtree.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de un archivo mtree manipulado. A vulnerability was found in libarchive. A specially crafted MTREE file... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-8924 – libarchive: Heap out of bounds read in TAR parser
https://notcve.org/view.php?id=CVE-2015-8924
14 Jul 2016 — The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. La función archive_read_format_tar_read_header en archive_read_support_format_tar.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo tar manipulado. A vulnerability was found in libarchive. ... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2015-8932 – libarchive: Undefined behavior / invalid shiftleft in TAR parser
https://notcve.org/view.php?id=CVE-2015-8932
14 Jul 2016 — The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. La función compress_bidder_init en archive_read_support_filter_compress.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo tar manipulado, lo que desencadena un desplazamiento a la izquierda no ... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-20: Improper Input Validation CWE-682: Incorrect Calculation •
CVSS: 5.5EPSS: 2%CPEs: 8EXPL: 1CVE-2015-8934 – libarchive: out of bounds heap read in RAR parser
https://notcve.org/view.php?id=CVE-2015-8934
14 Jul 2016 — The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file. La función copy_from_lzss_window en archive_read_support_format_rar.c en libarchive 3.2.0 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de rango) a través de un archivo rar manipulado. A vulnerability was found in libarchive. A s... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2380 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-2380
12 Jul 2016 — An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read. Existe una fuga de información en el manejo del protocolo MXIT en Pidgin.Datos MXIT expecialmente manipulados enviados al servidor podrían resultar potencialmente en una lectura fuera de lími... • http://www.debian.org/security/2016/dsa-3620 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 1%CPEs: 5EXPL: 0CVE-2016-2366 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-2366
12 Jul 2016 — A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash. Existe una vulnerabilidad de denegación de servicio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a través del servidor podrían resultar pote... • http://www.debian.org/security/2016/dsa-3620 • CWE-125: Out-of-bounds Read •
CVSS: 5.8EPSS: 3%CPEs: 5EXPL: 1CVE-2016-4323 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-4323
12 Jul 2016 — A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability. Exste un salto de directorio en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados desde el servidor podrían resultar potencialmente en una sobreescritura... • http://www.debian.org/security/2016/dsa-3620 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2016-2377 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-2377
12 Jul 2016 — A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados por el servidor podrían resultar potencialmente en una esc... • http://www.debian.org/security/2016/dsa-3620 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2016-2378 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-2378
12 Jul 2016 — A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en el manejo del protocolo MXIT en Pidgin. Datos especialmente manipulados enviados a través del servidor podrían resultar pote... • http://www.debian.org/security/2016/dsa-3620 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2016-2368 – Gentoo Linux Security Advisory 201701-38
https://notcve.org/view.php?id=CVE-2016-2368
12 Jul 2016 — Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure. Existen múltiples vulnerabilidades de corrupción de memoria en el manejo del protocolo MXIT en Pidgin. Datos MXIT especialmente manipulados enviados a través del servidor podrían resultar en múltiples desbordamientos de búfer, resultando potencialmente en ejecuc... • http://www.debian.org/security/2016/dsa-3620 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •