Page 171 of 1426 results (0.011 seconds)

CVSS: 5.5EPSS: 1%CPEs: 14EXPL: 0

CVE-2016-7166 – libarchive: Denial of service using a crafted gzip file

https://notcve.org/view.php?id=CVE-2016-7166

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. libarchive en versiones anteriores a 3.2.0 no limita el número de descompresiones recursivas, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída de aplicación) a través de un archivo gzip manipulado. A vulnerability was found in libarchive. A specially crafted gzip file can cause libarchive to allocate memory without limit, eventually leading to a crash. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.openwall.com/lists/oss-security/2016/09/08/15 http://www.openwall.com/lists/oss-security/2016/09/08/18 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92901 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362 https://bugzilla.redhat.com/show_bug.cgi?id=1347086 https://github.com/libarchiv • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 3

CVE-2016-5418 – libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite

https://notcve.org/view.php?id=CVE-2016-5418

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. El código sandboxing en libarchive 3.2.0 y versiones anteriores no maneja adecuadamente entradas de archivo de vínculo físico de datos de tamaño distinto de cero, lo que podría permitir a atacantes remotos escribir a archivos arbitrarios a través de un archivo manipulado. A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. • http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.openwall.com/lists/oss-security/2016/08/09/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/93165 https://access.redhat.com/errata/RHSA-2016:1852 https://access.redhat.com/errata/RHSA-2016:1853 https://bugzilla.redhat.com/show_bug.cgi?id=1362601 https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b8 • CWE-19: Data Processing Errors CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 4

CVE-2016-6662 – MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation

https://notcve.org/view.php?id=CVE-2016-6662

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15. Oracle MySQL hasta la versión 5.5.52, 5.6.x hasta la versión 5.6.33 y 5.7.x hasta la versión 5.7.15; MariaDB en versiones anteriores a 5.5.51, 10.0.x en versiones anteriores a 10.0.27 y 10.1.x en versiones anteriores a 10.1.17; y Percona Server en versiones anteriores a 5.5.51-38.1, 5.6.x en versiones anteriores a 5.6.32-78.0 y 5.7.x en versiones anteriores a 5.7.14-7 permiten a usuarios locales crear configuraciones arbitrarias y eludir ciertos mecanismos de protección estableciendo general_log_file a una configuración my.cnf NOTA: esto puede ser aprovechado para ejecutar código arbitrario con privilegios root estableciendo malloc_lib. • https://www.exploit-db.com/exploits/40360 https://github.com/MAYASEVEN/CVE-2016-6662 https://github.com/KosukeShimofuji/CVE-2016-6662 https://github.com/konstantin-kelemen/mysqld_safe-CVE-2016-6662-patch http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html http://rhn.redhat.com/errata/RHSA-2016-2058.html http://rhn.redhat.com/errata/RHSA-2016-2059.html http://rhn.redhat.com/errata/RHSA-2016-2060.html http://rhn.redhat.com/errat • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0

CVE-2016-5408 – squid: Buffer overflow vulnerability in cachemgr.cgi tool

https://notcve.org/view.php?id=CVE-2016-5408

Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051. Desbordamiento de búfer basado en pila en la función munge_other_line en cachemgr.cgi en el paquete squid en versiones anteriores a 3.1.23-16.el6_8.6 en Red Hat Enterprise Linux 6 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2016-4051. It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line() function. • http://rhn.redhat.com/errata/RHSA-2016-1573.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html https://access.redhat.com/security/cve/CVE-2016-5408 https://bugzilla.redhat.com/show_bug.cgi?id=1359203 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0

CVE-2016-5403 – Qemu: virtio: unbounded memory allocation on host via guest leading to DoS

https://notcve.org/view.php?id=CVE-2016-5403

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. La función virtqueue_pop en hw/virtio/virtio.c en QEMU permite a administradores locales del SO invitado provocar una denegación de servicio (consumo de memoria y caida del proceso QUEMU) mediante la presentación de solicitudes sin esperar la finalización. Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement results in unbounded memory allocation on the host controlled by the guest. • http://rhn.redhat.com/errata/RHSA-2016-1585.html http://rhn.redhat.com/errata/RHSA-2016-1586.html http://rhn.redhat.com/errata/RHSA-2016-1606.html http://rhn.redhat.com/errata/RHSA-2016-1607.html http://rhn.redhat.com/errata/RHSA-2016-1652.html http://rhn.redhat.com/errata/RHSA-2016-1653.html http://rhn.redhat.com/errata/RHSA-2016-1654.html http://rhn.redhat.com/errata/RHSA-2016-1655.html http://rhn.redhat.com/errata/RHSA-2016-1756.html http://rhn • CWE-400: Uncontrolled Resource Consumption •