CVE-2016-3069 – mercurial: convert extension command injection via git repository names
https://notcve.org/view.php?id=CVE-2016-3069
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. Mercurial en versiones anteriores a 3.7.3 permite a atacantes remotos ejecutar código arbitrario a través de un nombre manipulado cuando se convierte un repositorio Git. It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html http://rhn.redhat.com/errata/RHSA-2016-0706.html • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2016-1646 – Google Chromium V8 Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2016-1646
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. La implementación de Array.prototype.concat en builtins.cc en Google V8, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, no considera adecuadamante los tipos de datos del elemento, lo que permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado. Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0525.html http://www.debian.org/security/2016/dsa-3531 http://www.securitytracker.com/id/1035423 http://www.ubuntu.com/usn/USN-2955-1 https:// • CWE-125: Out-of-bounds Read •
CVE-2010-5325 – foomatic: potential remote arbitrary code execution
https://notcve.org/view.php?id=CVE-2010-5325
Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title. Desbordamiento de buffer basado en memoria dinámica en la función unhtmlify en foomatic-rip en foomatic-filters en versiones anteriores a 4.0.6 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída) o posiblemente ejecutar código arbitrario a través de un título de trabajo largo. It was discovered that the unhtmlify() function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. • http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/annotate/head:/ChangeLog http://rhn.redhat.com/errata/RHSA-2016-0491.html http://www.openwall.com/lists/oss-security/2016/02/15/1 http://www.openwall.com/lists/oss-security/2016/02/15/7 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html https://bugs.linuxfoundation.org/show_bug.cgi?id=515 https://bugzilla.redhat.com/show_bug.cgi?id=1218297 https://access.redhat.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2016-1762 – libxml2: Heap-based buffer-overread in xmlNextChar
https://notcve.org/view.php?id=CVE-2016-1762
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. La función xmlNextChar en libxml2 en versiones anteriores a 2.9.4 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica) a través de un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2016-1908 – openssh: possible fallback from untrusted to trusted X11 forwarding
https://notcve.org/view.php?id=CVE-2016-1908
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. El cliente en OpenSSH en versiones anteriores a 7.2 no maneja correctamente falló en la generación de cookies para el reenvío X11 no confiable y confía en el servidor X11 local para las decisiones de control de acceso, lo que permite a los clientes remotos X11 activar un fallback y obtener privilegios de reenvío X11 confiables aprovechando los problemas de configuración de este servidor X11, como lo demuestra la falta de la extensión SECURITY en este servidor X11. An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. • http://openwall.com/lists/oss-security/2016/01/15/13 http://rhn.redhat.com/errata/RHSA-2016-0465.html http://rhn.redhat.com/errata/RHSA-2016-0741.html http://www.openssh.com/txt/release-7.2 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/84427 http://www.securitytracker.com/id/1034705 https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c https://bugzilla.redhat.com/show_bug.cgi • CWE-284: Improper Access Control CWE-287: Improper Authentication •