CVE-2016-9843 – zlib: Big-endian out-of-bounds pointer
https://notcve.org/view.php?id=CVE-2016-9843
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. La función crc32_big en crc32.c in zlib 1.2.8 podría permitir que atacantes dependientes del contexto causen impactos no especificados mediante vectores que implican cálculos CRC big-endian. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus •
CVE-2016-9841 – zlib: Out-of-bounds pointer arithmetic in inffast.c
https://notcve.org/view.php?id=CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritmética de puntero incorrecta.. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus •
CVE-2016-9842 – zlib: Undefined left shift of negative number
https://notcve.org/view.php?id=CVE-2016-9842
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. La función inflateMark en inflate.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado a través de vectores que implican cambios a la izquierda de enteros negativos. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/95131 http://www.securitytracker.com/id/1039427 https:/ •
CVE-2016-6663 – MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition
https://notcve.org/view.php?id=CVE-2016-6663
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table. Condición de carrera en Oracle MySQL en versiones anteriores a 5.5.52, 5.6.x en versiones anteriores a 5.6.33, 5.7.x en versiones anteriores a 5.7.15 y 8.x en versiones anteriores a 8.0.1; MariaDB en versiones anteriores a 5.5.52, 10.0.x en versiones anteriores a 10.0.28 y 10.1.x en versiones anteriores a 10.1.18; Percona Server en versiones anteriores a 5.5.51-38.2, 5.6.x en versiones anteriores a 5.6.32-78-1 y 5.7.x en versiones anteriores a 5.7.14-8 y Percona XtraDB Cluster en versiones anteriores a 5.5.41-37.0, 5.6.x en versiones anteriores a 5.6.32-25.17 y 5.7.x en versiones anteriores a 5.7.14-26.17 permite a usuarios locales con ciertos permisos obtener privilegios aprovechando el uso de my_copystat por REPAIR TABLE para reparar una tabla MyISAM. A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. An independent research has revealed a race condition vulnerability which affects MySQL, MariaDB and PerconaDB databases. • https://www.exploit-db.com/exploits/40678 https://github.com/firebroo/CVE-2016-6663 http://rhn.redhat.com/errata/RHSA-2016-2130.html http://rhn.redhat.com/errata/RHSA-2016-2131.html http://rhn.redhat.com/errata/RHSA-2016-2595.html http://rhn.redhat.com/errata/RHSA-2016-2749.html http://rhn.redhat.com/errata/RHSA-2016-2927.html http://rhn.redhat.com/errata/RHSA-2016-2928.html http://rhn.redhat.com/errata/RHSA-2017-0184.html http://seclists.org/fulldisclosure • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2016-2105 – openssl: EVP_EncodeUpdate overflow
https://notcve.org/view.php?id=CVE-2016-2105
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. Desbordamiento de entero en la función EVP_EncodeUpdate en crypto/evp/encode.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica) a través de una gran cantidad de datos binarios. An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-05/ • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •