CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-9959
https://notcve.org/view.php?id=CVE-2016-9959
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. game-music-emu en versiones anteriores a 0.6.1 permite a los atacantes remotos generar valores fuera de los límites de 8 bits. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html http://www.openwall.com/lists/oss-security/2016/12/15/11 http://www.securityfocus.com/bid/95305 https://bitbucket.org/mpyne/game-music-emu/wiki/Home https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&#x • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2016-9958
https://notcve.org/view.php?id=CVE-2016-9958
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. game-music-emu en versiones anteriores a 0.6.1 permite a atacantes remotos escribir en ubicaciones de memoria arbitrarias. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html http://www.openwall.com/lists/oss-security/2016/12/15/11 http://www.securityfocus.com/bid/95305 https://bitbucket.org/mpyne/game-music-emu/wiki/Home https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-17806 – kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17806
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. La implementación HMAC (crypto/hmac.c) en el kernel de Linux en versiones anteriores a la 4.14.8 no valida que el algoritmo de hash criptográfico subyacente no tenga clave, lo que permite que un atacante local capaz de utilizar la interfaz hash basada en AF_ALG (CONFIG_CRYPTO_USER_API_HASH) y el algoritmo hash basado en SHA-3 (CONFIG_CRYPTO_SHA3) provoque un desbordamiento de búfer de pila de kernel ejecutando una secuencia manipulada de llamadas al sistema para encontrar una inicialización SHA-3 ausente. The HMAC implementation (crypto/hmac.c) in the Linux kernel, before 4.14.8, does not validate that the underlying cryptographic hash algorithm is unkeyed. This allows a local attacker, able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html http://www.securityfocus. • CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-17805 – kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17805
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. El algoritmo de cifrado Salsa20 en el kernel de Linux en versiones anteriores a la 4.14.8 no maneja correctamente las entradas de longitud cero, lo que permite a un atacante local capaz de utilizar la interfaz skcipher basada en AF_ALG (CONFIG_CRYPTO_USER_API_SKCIPHER) provocar una denegación de servicio (liberación de memoria no inicializada y fallo del kernel) o provocar otro impacto no especificado ejecutando una secuencia manipulada de llamadas al sistema que utilizan la API blkcipher_walk. Tanto la implementación genérica (crypto/salsa20_generic.c) como la implementación x86 (arch/x86/crypto/salsa20_glue.c) de Salsa20 eran vulnerables. The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html http://www.securityfocus. • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8010
https://notcve.org/view.php?id=CVE-2015-8010
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. Vulnerabilidad de XSS en el Classic-UI con el enlace de exportación CSV y la funcionalidad de paginación en Icinga en versiones anteriores a 1.14 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cadena de consulta a cgi-bin/status.cgi. • http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00019.html http://www.openwall.com/lists/oss-security/2015/10/23/15 http://www.openwall.com/lists/oss-security/2015/10/29/15 http://www.securityfocus.com/bid/97145 https://github.com/Icinga/icinga-core/issues/1563 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •