CVE-2015-8864
https://notcve.org/view.php?id=CVE-2015-8864
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068. La vulnerabilidad XSS en Roundcube Webmail en versiones anteriores a 1.0.9 y 1.1.x en versiones anteriores a 1.1.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un SVG manipulado, una vulnerabilidad diferente a CVE-2016-4068. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00079.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00095.html https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18 https://github.com/roundcube/roundcubemail/issues/4949 https://github.com/roundcube/roundcubemail/releases/tag/1.0.9 https://github.com/roundcube/roundcubemail/releases/tag/1.1.5 https://github.com/roundcube/roundcubemail/wiki • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-5314
https://notcve.org/view.php?id=CVE-2016-5314
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. Desbordamiento de búfer en la función PixarLogDecode en tif_pixarlog.c en LibTIFF, en versiones 4.0.6 y anteriores, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) u otro tipo de impacto sin especificar mediante una imagen TIFF manipulada. Esto se demuestra sobrescribiendo el puntero de función vgetparent con rgb2ycbcr. • http://bugzilla.maptools.org/show_bug.cgi?id=2554 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html http://www.openwall.com/lists/oss-security/2016/06/15/1 http://www.openwall.com/lists/oss-security/2016/06/15/9 http://www.openwall.com/lists/oss-security/2 • CWE-787: Out-of-bounds Write •
CVE-2016-5316
https://notcve.org/view.php?id=CVE-2016-5316
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. Lectura fuera de límites en la función PixarLogCleanup en tif_pixarlog.c en libtiff 4.0.6 y versiones anteriores permite a atacantes remotos bloquear la aplicación enviando una imagen TIFF manipulada a la herramienta rgb2ycbcr. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html http://www.debian.org/security/2017/dsa-3762 http://www.openwall.com/lists/oss-security/2016/06/15/3 http://www.securityfocus.com/bid/91203 https://security.gentoo.org/glsa/201701-16 • CWE-125: Out-of-bounds Read •
CVE-2016-5321
https://notcve.org/view.php?id=CVE-2016-5321
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. La función DumpModeDecode en libtiff 4.0.6 y versiones anteriores permite a atacantes provocar una denegación de servicio (lectura no válida y caída) a través de una imagen tiff manipulada. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html http://www.debian.org/security/2017/dsa-3762 http://www.securityfocus.com/bid/91209 https://security.gentoo.org/glsa/201701-16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-5317
https://notcve.org/view.php?id=CVE-2016-5317
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file. Desbordamiento de búfer en la función PixarLogDecode en libtiff.so en la función PixarLogDecode en libtiff 4.0.6 y versiones anteriores, como se utiliza en GNOME nautilus, permite a atacantes provocar un ataque de denegación de servicio (caída) a través de un archivo TIFF manipulado. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html http://www.debian.org/security/2017/dsa-3762 http://www.openwall.com/lists/oss-security/2016/06/15/10 http://www.openwall.com/lists/oss-security/2016/06/15/5 http://www.securityfocus.com/bid/91208 https://security.gentoo.org/glsa/201701-16 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •