CVE-2015-5707
https://notcve.org/view.php?id=CVE-2015-5707
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. Desbordamiento de entero en la función sg_start_req en drivers/scsi/sg.c en el kernel de Linux 2.6.x hasta la versión 4.x en versiones anteriores a 4.1 permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un valor iov_count grande en una petición de escritura. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026 • CWE-190: Integer Overflow or Wraparound •
CVE-2015-3405 – ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems
https://notcve.org/view.php?id=CVE-2015-3405
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. ntp-keygen en ntp en versiones 4.2.8px anteriores a la 4.2.8p2-RC2 y en versiones 4.3.x anteriores a la 4.3.12 no genera claves MD5 con la suficiente entropía en máquinas big endian cuando el byte de menor orden de la variable temp se sitúa entre 0x20 y 0x7f y no #. Esto podría permitir que atacantes remotos obtengan el valor de las claves MD5 generadas mediante un ataque de fuerza bruta con las 93 claves posibles. A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. • http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html http://rhn.redhat.com/errata/RHSA-2015-1459.html http://rhn.redhat.com/errata/RHSA-2015-2231.html http://www.debian.org/security/2015/dsa-3223 http://www.debian.org/security/2015/dsa-3388 http://www.openwall.com/lists/oss-security/2015/04/23/14 http& • CWE-330: Use of Insufficiently Random Values CWE-331: Insufficient Entropy •
CVE-2015-2738 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
https://notcve.org/view.php?id=CVE-2015-2738
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. La función YCbCrImageDataDeserializer::ToDataSourceSurface en la implementación YCbCr en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 lee datos de localizaciones de memoria no inicializadas, lo que tiene un impacto y vectores de ataque no especificados. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.debian.org • CWE-17: DEPRECATED: Code •
CVE-2015-2737 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
https://notcve.org/view.php?id=CVE-2015-2737
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. La función rx::d3d11::SetBufferData en la implementación Direct3D 11 en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 lee datos de localizaciones de memoria no inicializada, lo que tiene un impacto y vectores de ataque no especificados. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.debian.org • CWE-17: DEPRECATED: Code •
CVE-2015-2734 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
https://notcve.org/view.php?id=CVE-2015-2734
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. La función CairoTextureClientD3D9::BorrowDrawTarget en la implementación Direct3D 9 en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 lee datos de localizaciones de memoria no inicializada, lo que tiene un impacto y vectores de ataque no especificados. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1207.html http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.debian.org • CWE-17: DEPRECATED: Code •