Page 4 of 95 results (0.005 seconds)

CVSS: 8.1EPSS: 7%CPEs: 34EXPL: 0

CVE-2016-0376 – JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix

https://notcve.org/view.php?id=CVE-2016-0376

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456. La clase com.ibm.rmi.io.SunSerializableFactory en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP25 (6.0.16.25), 6 R1 en versiones anteriores a SR8 FP25 (6.1.8.25), 7 en versiones anteriores a SR9 FP40 (7.0.9.40), 7 R1 en versiones anteriores a SR3 FP40 (7.1.3.40) y 8 en versiones anteriores a SR3 (8.0.3.0) no deserializa correctamente las clases en un bloque AccessController doPrivileged, lo que permite a atacantes remotos eludir un mecanismo de protección sandbox y ejecutar código arbitrario como se demuestra mediante el método readValue de la clase com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton, lo que implementa la interfaz javax.rmi.CORBA.ValueHandler. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2013-5456. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2016-05 •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-2051 – chromium-browser: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17

https://notcve.org/view.php?id=CVE-2016-2051

Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.8.271.17, tal como se utiliza en Google Chrome en versiones anteriores a 48.0.2564.82, permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html http://rhn.redhat.com/errata/RHSA-2016-0072.html http://www.securityfocus.com/bid/81431 http://www.securitytracker.com/id/1034801 http://www.ubuntu.com/usn/USN-2877-1 https://access.redhat.com/security/cve/CVE-2016-2051 https://bugzilla.redhat.com/show_bug.cgi?id=1301550 •

CVSS: 9.3EPSS: 2%CPEs: 198EXPL: 0

CVE-2015-8540 – libpng: underflow read in png_check_keyword()

https://notcve.org/view.php?id=CVE-2015-8540

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. Desbordamiento inferior de entero en la función png_check_keyword en pngwutil.c en libpng 0.90 hasta la versión 0.99, 1.0.x en versiones anteriores a 1.0.66, 1.1.x y 1.2.x en versiones anteriores a 1.2.56, 1.3.x y 1.4.x en versiones anteriores a 1.4.19 y 1.5.x en versiones anteriores a 1.5.26 permite a atacantes remotos tener un impacto no especificado a través de un carácter de espacio como contraseña en una imagen PNG, lo que desencadena una lectura fuera de rango. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html http://sourceforge.net/p/libpng/bugs/244 http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed http://sourceforge.net/projects/libpng/files/libpng10/1.0.66 http://sourceforge.net/projects/libpng/files/libpng12/1.2.56 http://sourceforge.net/projects/libpng/files/libpng14/1.4.19 http://sourceforge.net/projects/libpng/files/libpng15/1.5.26 http://www.debian.org/security/2016/dsa-34 • CWE-125: Out-of-bounds Read CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 3%CPEs: 9EXPL: 0

CVE-2015-1270 – ICU: Uninitialized memory read fixed in Chrome 44.0.2403.89

https://notcve.org/view.php?id=CVE-2015-1270

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file. Vulnerabilidad en la función ucnv_io_getConverterName en common/ucnv_io.cpp en International Components for Unicode (ICU), usadas en Google Chrome en versiones anteriores a la 44.0.2403.89, no maneja correctamente los nombres convertidos con la subcadena inicial -x, lo cual permite a atacantes remotos causar una denegación de servicio mediante, la lectura de la memoria no inicializada o posiblemente teniendo otro impacto no especificado a través de un archivo manipulado. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-1499.html http://www.debian.org/security/2015/dsa-3315 http://www.debian.org/security/2015/dsa-3360 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/75973 http://www.securitytracker.com/id/1033031 http://www.ubuntu.com/usn/USN-274 • CWE-19: Data Processing Errors •

CVSS: 6.8EPSS: 1%CPEs: 8EXPL: 0

CVE-2015-1271 – chromium-browser: Heap-buffer-overflow in pdfium

https://notcve.org/view.php?id=CVE-2015-1271

PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that triggers a large memory allocation. Vulnerabilidad en PDFium implementado en Google Chrome en versiones anteriores a la 44.0.2403.89, no maneja correctamente ciertas condiciones de out-of-memory, lo cual permite a atacantes remotos causar una denegación de servicio mediante un desbordamiento de buffer basado en memoria dinámica o posiblemente tener otro impacto no especificado a través un documento PDF manipulado que desencadena una asignación de memoria de gran tamaño. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-1499.html http://www.debian.org/security/2015/dsa-3315 http://www.securityfocus.com/bid/75973 http://www.securitytracker.com/id/1033031 https://code.google.com/p/chromium/issues/detail?id=446032 https://codereview.chromium.org/1226403008 https://security.gentoo.org/glsa/201603-09 https:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •