Page 25 of 453 results (0.018 seconds)

CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 5

CVE-2016-0728 – Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2016-0728

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. La función join_session_keyring en security/keys/process_keys.c en el kernel de Linux en versiones anteriores a 4.4.1 no maneja correctamente referencias a objetos en un cierto caso de error, lo que permite a usuarios locales obtener privilegios o provocar una denegación de servicio (desbordamiento de entero y uso después de liberación) a través de comandos keyctl manipulados. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system. • https://www.exploit-db.com/exploits/40003 https://www.exploit-db.com/exploits/39277 https://github.com/hal0taso/CVE-2016-0728 https://github.com/googleweb/CVE-2016-0728 https://github.com/th30d00r/Linux-Vulnerability-CVE-2016-0728-and-Exploit http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://lists.fedoraproject.org/pipermail/package-announce/2016 • CWE-416: Use After Free •

CVSS: 9.3EPSS: 2%CPEs: 198EXPL: 0

CVE-2015-8540 – libpng: underflow read in png_check_keyword()

https://notcve.org/view.php?id=CVE-2015-8540

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. Desbordamiento inferior de entero en la función png_check_keyword en pngwutil.c en libpng 0.90 hasta la versión 0.99, 1.0.x en versiones anteriores a 1.0.66, 1.1.x y 1.2.x en versiones anteriores a 1.2.56, 1.3.x y 1.4.x en versiones anteriores a 1.4.19 y 1.5.x en versiones anteriores a 1.5.26 permite a atacantes remotos tener un impacto no especificado a través de un carácter de espacio como contraseña en una imagen PNG, lo que desencadena una lectura fuera de rango. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html http://sourceforge.net/p/libpng/bugs/244 http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed http://sourceforge.net/projects/libpng/files/libpng10/1.0.66 http://sourceforge.net/projects/libpng/files/libpng12/1.2.56 http://sourceforge.net/projects/libpng/files/libpng14/1.4.19 http://sourceforge.net/projects/libpng/files/libpng15/1.5.26 http://www.debian.org/security/2016/dsa-34 • CWE-125: Out-of-bounds Read CWE-189: Numeric Errors •

CVSS: 9.0EPSS: 4%CPEs: 14EXPL: 0

CVE-2015-7512 – Qemu: net: pcnet: buffer overflow in non-loopback mode

https://notcve.org/view.php?id=CVE-2015-7512

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. Desbordamiento de buffer en la función pcnet_receive en hw/net/pcnet.c en QEMU, cuando un NIC invitado tiene un MTU más grande, permite a atacantes provocar una denegación de servicio (caída de SO invitado) o ejecutar código arbitrario a través de un paquete grande. A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation validated certain received packets from a remote host in non-loopback mode. A remote, unprivileged attacker could potentially use this flaw to execute arbitrary code on the host with the privileges of the QEMU process. Note that to exploit this flaw, the guest network interface must have a large MTU limit. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f http://rhn.redhat.com/errata/RHSA-2015-2694.html http://rhn.redhat.com/errata/RHSA-2015-2695.html http://rhn.redhat.com/errata/RHSA-2015-2696.html http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/11/30/3 http://www.oracle.com/technetwork/topics/securi • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •

CVSS: 5.3EPSS: 1%CPEs: 56EXPL: 0

CVE-2015-3195 – OpenSSL: X509_ATTRIBUTE memory leak

https://notcve.org/view.php?id=CVE-2015-3195

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e no maneja correctamente los errores provocados por datos X509_ATTRIBUTE malformados, lo que permite a atacantes remotos obtener información sensible de memoria de proceso desencadenando un fallo de decodificación en una aplicación PKCS#7 o CMS. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://lists.opensuse& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.5EPSS: 2%CPEs: 62EXPL: 0

CVE-2015-8126 – libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions

https://notcve.org/view.php?id=CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Múltiples desbordamientos de buffer en las funciones (1) png_set_PLTE y (2) png_get_PLTE en libpng en versiones anteriores a 1.0.64, 1.1.x y 1.2.x en versiones anteriores a 1.2.54, 1.3.x y 1.4.x en versiones anteriores a 1.4.17, 1.5.x en versiones anteriores a 1.5.24 y 1.6.x en versiones anteriores a 1.6.19 permiten a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto no especificado a través de un valor bit-depth pequeño en un fragmento IHDR (también conocido como image header) en una imagen PNG. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html http://lists.fedoraproject.org/pipermail • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •