CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2016-4414
https://notcve.org/view.php?id=CVE-2016-4414
13 Jun 2016 — The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. La función onReadyRead en core/coreauthhandler.cpp en Quassel en versiones anteriores a 0.12.4 permite a atacantes remotos provocar una caída de servicio (referencia a un puntero NULL y caída) a través de una información handshake no válida. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183571.html •
CVSS: 5.5EPSS: 1%CPEs: 23EXPL: 0CVE-2015-3192 – Framework: denial-of-service attack with XML input
https://notcve.org/view.php?id=CVE-2015-3192
09 Jun 2016 — Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. Pivotal Spring Framework en versiones anteriores a 3.2.14 y 4.x en versiones anteriores a 4.1.7 no procesa correctamente las declaraciones DTD en línea cuando DTD no está completamente desactivado, lo que permite a atacantes remotos provoca... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-3096 – Gentoo Linux Security Advisory 201607-14
https://notcve.org/view.php?id=CVE-2016-3096
03 Jun 2016 — The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. La función create_script en el módulo lxc_container en Ansible en versiones anteriores a 1.9.6-1 y 2.x en versiones anteriores a 2.0.2.... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 10%CPEs: 2EXPL: 0CVE-2015-8853 – Ubuntu Security Notice USN-3625-1.tt
https://notcve.org/view.php?id=CVE-2015-8853
25 May 2016 — The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." Las funciones (1) S_reghop3, (2) S_reghop4 y (3) S_reghopmaybe3 en regexec.c en Perl en versiones anteriores a 5.24.0 permiten a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito) a través de datos utf-8 manipulados, según lo demostrado por ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 1CVE-2016-3959 – golang: infinite loop in several big integer routines
https://notcve.org/view.php?id=CVE-2016-3959
23 May 2016 — The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. La función Verify en crypto/dsa/dsa.go en Go en versiones anteriores a 1.5.4 y 1.6.x en versiones anteriores a 1.6.1 no comprueba correctamente los parámetros pasados a la gran lib... • https://github.com/alexmullins/dsa • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2016-3674 – XStream: enabled processing of external entities
https://notcve.org/view.php?id=CVE-2016-3674
13 May 2016 — Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. Múltiples vulnerabilidades de entidad externa (XXE) en (1) Dom4JDriver, (2) DomDriver, (3) JDom Driver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver y (7) WstxDriver drivers en XStream en versiones anteriores a... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183180.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.6EPSS: 4%CPEs: 11EXPL: 0CVE-2016-4001 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-4001
12 May 2016 — Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. Desbordamiento de buffer en la función stellaris_enet_receive en hw/net/stellaris_enet.c en QEMU, cuando el controlador ethernet Stellaris está configurado para aceptar paquetes grandes, permite a atacantes remotos provocar una denegación de servicio (caída... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3a15cc0e1ee7168db0782133d2607a6bfa422d66 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.0EPSS: 0%CPEs: 12EXPL: 0CVE-2016-4037 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-4037
12 May 2016 — The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. La función ehci_advance_state en hw/usb/hcd-ehci.c en QEMU permite a administradores de SO locales invitados provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una lista siTD (de descriptor de transferencia isócrona di... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 4%CPEs: 9EXPL: 0CVE-2016-4008 – Gentoo Linux Security Advisory 201703-05
https://notcve.org/view.php?id=CVE-2016-4008
02 May 2016 — The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. La función _asn1_extract_der_octet en lib/decoding.c en GNU Libtasn1 en versiones anteriores a 4.8, cuando se utiliza sin el indicador ASN1_DECODE_FLAG_STRICT_DER, permite a atacantes remotos provocar una denegación de servicio (recursión infinita) a través de un certific... • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 6%CPEs: 9EXPL: 0CVE-2016-4002 – Ubuntu Security Notice USN-2974-1
https://notcve.org/view.php?id=CVE-2016-4002
26 Apr 2016 — Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. Desbordamiento de buffer en la función mipsnet_receive en hw/net/mipsnet.c en QEMU, cuando el NIC invitado se configura para aceptar paquetes grandes, permite a atacantes remotos provocar una denegación de servicio (c... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •