CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 1CVE-2016-4578 – Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak
https://notcve.org/view.php?id=CVE-2016-4578
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. sound/core/timer.c en el kernel de Linux hasta la versión 4.6 no inicializa determinadas estructuras de datos r1, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a través del uso manipulado de la interfaz ALSA timer, relacionado con las funciones (1) snd_timer_user_ccallback y (2) snd_timer_user_tinterrupt. A vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. • https://www.exploit-db.com/exploits/46529 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opens • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •
CVSS: 8.8EPSS: 29%CPEs: 4EXPL: 1CVE-2016-4343 – php: Uninitialized pointer in phar_make_dirstream()
https://notcve.org/view.php?id=CVE-2016-4343
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive. La función phar_make_dirstream en ext/phar/dirstream.c en PHP en versiones anteriores a 5.6.18 y 7.x en versiones anteriores a 7.0.3 no maneja correctamente archivos ././@LongLink de tamaño cero, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero no inicializado) o posiblemente tener otro impacto no especificado a través de un archivo TAR manipulado. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.openwall.com/lists/oss-security/2016/04/28/2 http://www.securityfocus.com/bid/89179 https://bugs.php.net/bug.php?id=71331 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDi • CWE-456: Missing Initialization of a Variable CWE-824: Access of Uninitialized Pointer •
CVSS: 9.6EPSS: 0%CPEs: 13EXPL: 1CVE-2015-8866 – php: libxml_disable_entity_loader setting is shared between threads
https://notcve.org/view.php?id=CVE-2015-8866
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. ext/libxml/libxml.c en PHP en versiones anteriores a 5.5.22 y 5.6.x en versiones anteriores a 5.6.6, cuando se utiliza PHP-FPM, no aisla cada hilo de cambios libxml_disable_entity_loader en otros hilos, lo que permite a atacantes remotos llevar a cabo ataques XML External Entity (XXE) y XML Entity Expansion (XEE) a través de un documento XML manipulado, un problema relacionado con la CVE-2015-5161. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=de31324c221c1791b26350ba106cc26bad23ace9 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.openwall.com/lists/oss-security/2016/04/24/1 http://www.php.net/ChangeLog-5.php http://www.securityfocus.com/bid/ • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2016-4346
https://notcve.org/view.php?id=CVE-2016-4346
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow. Desbordamiento de entero en la función str_pad en ext/standard/string.c en PHP en versiones anteriores a 7.0.4 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de una cadena larga, encabezando un desbordamiento de buffer basado en memoria dinámica. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html http://php.net/ChangeLog-7.php http://www.openwall.com/lists/oss-security/2016/04/28/2 https://bugs.php.net/bug.php?id=71637 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 1CVE-2016-4544 – php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input
https://notcve.org/view.php?id=CVE-2016-4544
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data. La función exif_process_TIFF_in_JPEG en ext/exif/exif.c en PHP en versiones anteriores a 5.5.35, 5.6.x en versiones anteriores a 5.6.21 y 7.x en versiones anteriores a 7.0.6 no valida los datos de inicio TIFF, lo que permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) o posiblemente tener otro impacto no especificado a través de datos de cabecera manipulados. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3602 http://www.openwall.com/lists/oss-security/2016/05/05/21 http://www.securityfocus.com/bid/89844 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •