CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8948
https://notcve.org/view.php?id=CVE-2015-8948
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. idn en GNU libidn en versiones anteriores a 1.33 podría permitir a atacantes remotos obtener información de memoria sensible mediante la lectura de un byte cero como entrada, lo que desencadena una lectura fuera de rango. • http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041 http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html http://www.debian.org/security/2016/dsa-3658 http://www.openwall.com/lists/oss-security/2016/07/20/6 http://www.openwall.com/lists/oss-security/2016/07/21/4 http://www.securityfocus.com/bid/92070 http://www.ubuntu.com/usn/USN-3068-1 https://lists& • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-6262
https://notcve.org/view.php?id=CVE-2016-6262
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. idn en libidn en versiones anteriores a 1.33 podría permitir a atacantes remotos obtener información de memoria sensible mediante la lectura de un byte cero como entrada, lo que desencadena una lectura fuera de límites, una vulnerabilidad diferente a CVE-2015-8948. • http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60 http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html http://www.openwall.com/lists/oss-security/2016/07/20/6 http://www.openwall.com/lists/oss-security/2016/07/21/4 http://www.securityfocus.com/bid/92070 http://www.ubuntu.com/usn/USN-3068-1 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 29EXPL: 2CVE-2016-6855 – Eye of Gnome 3.10.2 - GMarkup Out of Bounds Write
https://notcve.org/view.php?id=CVE-2016-6855
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. Eye of GNOME (también conocido como eog) 3.16.5, 3.17.x, 3.18.x en versiones anteriores a 3.18.3, 3.19.x y 3.20.x en versiones anteriores a 3.20.4, cuando es utilizado con glib en versiones anteriores a 2.44.1, permiten a atacantes remotos provocar una denegación de servicio (escritura fuera de límites y caída) a través de vectores que involucran paso UTF-8 inválido para GMarkup. Gnome Eye of Gnome version 3.10.2 suffers from an out-of-bounds write vulnerability. • https://www.exploit-db.com/exploits/40291 http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html http://www.securityfocus.com/bid/92616 http://www.ubuntu.com/usn/USN-3069-1 https://bugzilla.gnome.org/show_bug.cgi?id=770143 https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4 https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5 https:/& • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2016-5421 – curl: Use of connection struct after free
https://notcve.org/view.php?id=CVE-2016-5421
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en libcurl en versiones anteriores a 7.50.1 permite a atacantes controlar qué conexión es usada o posiblemente tener otros impactos no especificados a través de vectores desconocidos. A use-after-free flaw was found in libcurl. When invoking curl_easy_perform() after cleaning up a multi session, an application can be tricked into using libcurl to connect to a malicious server, allowing an attacker to potentially execute arbitrary code. The highest threat from this vulnerability is to data confidentiality and integrity as well as data confidentiality. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html http://www.debian.org/security/2016/dsa-3638 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/92306 http://www.securitytracker.com/id/1036536 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059 http://www.ubuntu.com/usn/USN-3048-1 https://access.r • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3992
https://notcve.org/view.php?id=CVE-2016-3992
cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp. cronic en versiones anteriores a 3 permite a usuarios locales escribir en archivos arbitrarios a través de un ataque de enlace simbólico en un archivo (1) cronic.out.$$, (2) cronic.err.$$ o (3) cronic.trace.$$ en /tmp. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00013.html http://www.openwall.com/lists/oss-security/2016/04/09/4 http://www.openwall.com/lists/oss-security/2016/04/10/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820331 • CWE-284: Improper Access Control •