CVE-2016-1836 – libxml2: Heap use-after-free in xmlDictComputeFastKey
https://notcve.org/view.php?id=CVE-2016-1836
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. Vulnerabilidad de uso después de liberación de memoria en la función xmlDictComputeFastKey en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permite a atacantes remotos provocar una denegación de servicio a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May • CWE-416: Use After Free •
CVE-2016-1834 – libxml2: Heap-buffer-overflow in xmlStrncat
https://notcve.org/view.php?id=CVE-2016-1834
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. Desbordamiento de buffer basado en memoria dinámica en la función xmlStrncat en libxml2 en versiones anteriores a 2.9.4, como se utiliza en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2016-1837 – libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral
https://notcve.org/view.php?id=CVE-2016-1837
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document. Múltiples vulnerabilidades de uso después de liberación de memoria en las funciones (1) htmlPArsePubidLiteral y (2) htmlParseSystemiteral en libxml2 en versiones anteriores a 2.9.4, como se utilizan en Apple iOS en versiones anteriores a 9.3.2, OS X en versiones anteriores a 10.11.5, tvOS en versiones anteriores a 9.2.1 y watchOS en versiones anteriores a 2.2.1, permiten a atacantes remotos provocar una denegación de servicio a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00003.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http • CWE-416: Use After Free •
CVE-2016-0758 – kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()
https://notcve.org/view.php?id=CVE-2016-0758
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. Desbordamiento de entero en lib/asn1_decoder.c en el kernel de Linux en versiones anteriores a 4.6 permite a usuarios locales obtener privilegios a través de datos ASN.1 manipulados. A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html http://lists.opensuse.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2016-3710 – qemu: incorrect banked access bounds checking in vga module
https://notcve.org/view.php?id=CVE-2016-3710
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. El módulo VGA en QEMU lleva a cabo incorrectamente comprobaciones de límites sobre acceso almacenado a la memoria de vídeo, lo que permite a administradores locales de SO invitado ejecutar código arbitrario sobre el anfitrión cambiando los modos de acceso después de establecer el banco de registros, también conocido como el problema "Dark Portal". An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations using I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. • http://rhn.redhat.com/errata/RHSA-2016-0724.html http://rhn.redhat.com/errata/RHSA-2016-0725.html http://rhn.redhat.com/errata/RHSA-2016-0997.html http://rhn.redhat.com/errata/RHSA-2016-0999.html http://rhn.redhat.com/errata/RHSA-2016-1000.html http://rhn.redhat.com/errata/RHSA-2016-1001.html http://rhn.redhat.com/errata/RHSA-2016-1002.html http://rhn.redhat.com/errata/RHSA-2016-1019.html http://rhn.redhat.com/errata/RHSA-2016-1943.html http://suppor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •