CVSS: 10.0EPSS: 29%CPEs: 10EXPL: 0CVE-2016-2324 – git: path_name() integer truncation and overflow leading to buffer overflow
https://notcve.org/view.php?id=CVE-2016-2324
16 Mar 2016 — Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Desboradmiento de entero en Git en versiones anteriores a 2.7.4 permite a atacantes remotos ejecutar código arbitrario a través de un (1) nombre de archivo grande o (2) muchos árboles anidados, lo que desencadena un desbordamiento de buffer basado en memoria dinámica. An integer truncation flaw and an integer overflow flaw, both... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-194: Unexpected Sign Extension •
CVSS: 4.3EPSS: 4%CPEs: 108EXPL: 0CVE-2015-7976 – Ubuntu Security Notice USN-3096-1
https://notcve.org/view.php?id=CVE-2015-7976
27 Jan 2016 — The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. El comando savconfig ntpq en NTP 4.1.2, 4.2.x en versiones anteriores a 4.2.8p6, 4.3, 4.3.25, 4.3.70 y 4.3.77 no filtra adecuadamente caracteres especiales, lo que permite a atacantes causar un impacto no especificado a través de un nombre de archivo manipulado. Aanchal Malhotra discovered that ... • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 20%CPEs: 38EXPL: 0CVE-2015-5300 – ntp: MITM attacker can force ntpd to make a step larger than the panic threshold
https://notcve.org/view.php?id=CVE-2015-5300
27 Oct 2015 — The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). La comprobación panic_gate en NTP anterior a versión 4.2.8p5 es solo h... • http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc • CWE-20: Improper Input Validation CWE-361: 7PK - Time and State •