CVE-2016-1954 – Mozilla: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)
https://notcve.org/view.php?id=CVE-2016-1954
The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. La función nsCSPContext::SendReports en dom/security/nsCSPContext.cpp en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 no previene el uso de una URL de informe no HTTP para un informe de violación de Content Security Policy (CSP), lo que permite a atacantes remotos causar una denegación de servicio (sobreescripción de datos) o posiblemente ganar privilegios especificando el URL de un archivo local." • http://hg.mozilla.org/releases/mozilla-release/rev/5154bb929236 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.htm • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-1957 – Mozilla: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20)
https://notcve.org/view.php?id=CVE-2016-1957
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. Fuga de memoria en libstagefright en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un archivo MPEG-4 que desencadena una operación de borrado sobre un array. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2016-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1629 – chromium-browser: same-origin bypass in Blink and Sandbox escape in Chrome
https://notcve.org/view.php?id=CVE-2016-1629
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. Google Chrome en versiones anteriores a 48.0.2564.116 permite a atacantes remotos eludir la Blink Same Origin Policy y el mecanismo de protección sandbox a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_18.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00048.html http://rhn.redhat.com/errata/RHSA-2016-0286.html http://www.debian.org/security/2016/dsa-3486 http://www.securityfocus.com/bid/83302 http://www.securitytracker.com/id/1035184 http://www. • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-7976
https://notcve.org/view.php?id=CVE-2015-7976
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. El comando savconfig ntpq en NTP 4.1.2, 4.2.x en versiones anteriores a 4.2.8p6, 4.3, 4.3.25, 4.3.70 y 4.3.77 no filtra adecuadamente caracteres especiales, lo que permite a atacantes causar un impacto no especificado a través de un nombre de archivo manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-254: 7PK - Security Features •