CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1714 – Qemu: nvram: OOB r/w access in processing firmware configurations
https://notcve.org/view.php?id=CVE-2016-1714
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration. Las funciones (1) fw_cfg_write y (2) fw_cfg_read en hw/nvram/fw_cfg.c en QEMU en versiones anteriores a 2.4, cuando construye con el soporte de emulación de dispositivo de Firmware Configuration, permiten a usuarios del SO invitado con el privilegio CAP_SYS_RAWIO provocar una denegación de servicio (acceso a lectura o escritura fuera de rango y caída del proceso) o potencialmente ejecutar código arbitrario a través de un valor de entrada actual no válido en una configuración de firmware. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. • http://rhn.redhat.com/errata/RHSA-2016-0081.html http://rhn.redhat.com/errata/RHSA-2016-0082.html http://rhn.redhat.com/errata/RHSA-2016-0083.html http://rhn.redhat.com/errata/RHSA-2016-0084.html http://rhn.redhat.com/errata/RHSA-2016-0085.html http://rhn.redhat.com/errata/RHSA-2016-0086.html http://rhn.redhat.com/errata/RHSA-2016-0087.html http://rhn.redhat.com/errata/RHSA-2016-0088.html http://www.debian.org/security/2016/dsa-3469 http://www.debia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2016-1930 – Mozilla: Miscellaneous memory safety hazards (rv:38.6) (MFSA 2016-01)
https://notcve.org/view.php?id=CVE-2016-1930
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 44.0 y Firefox ESR 38.x en versiones anteriores a 38.6 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00105.html http://rhn.redhat.com/errata/RHSA-2016-0071.html http://rhn.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0CVE-2016-1935 – Mozilla: Buffer overflow in WebGL after out of memory allocation (MFSA 2016-03)
https://notcve.org/view.php?id=CVE-2016-1935
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. Desbordamiento de buffer en la función BufferSubData en Mozilla Firefox en versiones anteriores a 44.0 y Firefox ESR 38.x en versiones anteriores a 38.6 permite a atacantes remotos ejecutar código arbitrario a través de contenido WebGL manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00105.html http://rhn.redhat.com/errata/RHSA-2016-0071.html http://rhn.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 16EXPL: 0CVE-2016-2047 – mysql: ssl-validate-cert incorrect hostname check
https://notcve.org/view.php?id=CVE-2016-2047
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." La función ssl_verify_server_cert en sql-common/client.c en MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10; Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores; y Percona Server no verifica correctamente que el nombre de host del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o en el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middlesuplantar servidores SSL a través de una cadena "/CN=" en un campo en un certificado, según lo demostrado por "/OU=/CN=bar.com/CN=foo.com". It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http:&# • CWE-254: 7PK - Security Features CWE-295: Improper Certificate Validation •
CVSS: 3.5EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0600 – mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0600
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores, 5.6.27 y versiones anteriores y 5.7.9 y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores no conocidos relacionados con InnoDB. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http:&# •