CVE-2016-4805
https://notcve.org/view.php?id=CVE-2016-4805
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. Vulnerabilidad de uso después de liberación de memoria en drivers/net/ppp/ppp_generic.c en el kernel de Linux en versiones anteriores a 4.5.2 permite a usuarios locales provocar una denegación de servicio (corrupción de memoria y caída de sistema o spinlock) o posiblemente tener otro impacto no especificado eliminando una red namespace, relacionado con las funciones ppp_register_net_channel y ppp_unregister_channel. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org • CWE-416: Use After Free •
CVE-2016-4486 – Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure
https://notcve.org/view.php?id=CVE-2016-4486
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. La función rtnl_fill_link_ifmap en net/core/rtnetlink.c en el kernel de Linux en versiones anteriores a 4.5.5 no inicializa una estructura de datos determinada, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila leyendo un mensaje Netlink. • https://www.exploit-db.com/exploits/46006 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-2187
https://notcve.org/view.php?id=CVE-2016-2187
The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. La función gtco_probe en drivers/input/tablet/gtco.c en el kernel de Linux hasta la versión 4.5.2 permite a atacantes físicamente próximos provocar una denegación de servicio (referencia a puntero NULL y caída de sistema) a través de un valor de dispositivos finales manipulado en un descriptor de dispositivo USB. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=162f98dea487206d9ab79fc12ed64700667a894d http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://www.debian.org/security/2016/dsa-3607 http://www.securityfocus.com/bid/85425 http://www.ubuntu.com/usn/USN-2989-1 http://www.ubuntu.com/usn/USN-2996-1 http://www.ubuntu.com/usn/USN-2997-1 http://www.ubuntu •
CVE-2016-0363 – JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix
https://notcve.org/view.php?id=CVE-2016-0363
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009. La clase com.ibm.CORBA.iiop.ClientDelegate en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP25 (6.0.16.25), 6 R1 en versiones anteriores a SR8 FP25 (6.1.8.25), 7 en versiones anteriores a SR9 FP40 (7.0.9.40), 7 R1 en versiones anteriores a SR3 FP40 (7.1.3.40) y 8 en versiones anteriores a SR3 (8.0.3.0) utiliza el método de invocación de la clase java.lang.reflect.Method en un bloque AccessController doPrivileged, lo que permite a atacantes remotos llamar a setSecurityManager y eludir un mecanismo de protección sandbox a través de vectores relacionados con una instancia a un objeto Proxy implementando la interfaz java.lang.reflect.InvocationHandler. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2013-3009. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2016-05 • CWE-20: Improper Input Validation •
CVE-2016-0376 – JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
https://notcve.org/view.php?id=CVE-2016-0376
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456. La clase com.ibm.rmi.io.SunSerializableFactory en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP25 (6.0.16.25), 6 R1 en versiones anteriores a SR8 FP25 (6.1.8.25), 7 en versiones anteriores a SR9 FP40 (7.0.9.40), 7 R1 en versiones anteriores a SR3 FP40 (7.1.3.40) y 8 en versiones anteriores a SR3 (8.0.3.0) no deserializa correctamente las clases en un bloque AccessController doPrivileged, lo que permite a atacantes remotos eludir un mecanismo de protección sandbox y ejecutar código arbitrario como se demuestra mediante el método readValue de la clase com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton, lo que implementa la interfaz javax.rmi.CORBA.ValueHandler. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2013-5456. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2016-05 •