CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1668 – chromium-browser: same origin bypass in blink v8 bindings
https://notcve.org/view.php?id=CVE-2016-1668
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. La función forEachForBinding en WebKit/Source/bindings/core/v8/Iterable.h en los enlaces V8 en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.102, utiliza un contexto de creación indebido, lo que permite a atacantes remotos eludir la Same Origin Policy a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html http://rhn.redhat.com/errata/RHSA-2016-1080.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90584 http://www.securitytracker.com/id/1035872 http://www.ubuntu • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1670 – chromium-browser: race condition in loader
https://notcve.org/view.php?id=CVE-2016-1670
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID. Condición de carrera en la función ResourceDispatcherHostImpl::BeginRequest en content/browser/loader/resource_dispatcher_host_impl.cc en Google Chrome en versiones anteriores a 50.0.2661.102 permite a atacantes remotos hacer peticiones HTTP arbitrarias aprovechando el acceso a un proceso de renderizado y reutilizando una petición ID. • http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html http://rhn.redhat.com/errata/RHSA-2016-1080.html http://www.debian.org/security/2016/dsa-3590 http://www.securityfocus.com/bid/90584 http://www.securitytracker.com/id/1035872 http://www.ubuntu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3697 – docker: privilege escalation via confusion of usernames and UIDs
https://notcve.org/view.php?id=CVE-2016-3697
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. libcontainer/user/user.go en runC en versiones anteriores a 0.1.0, tal como se utiliza en Docker en versiones anteriores a 1.11.2, trata indebidamente un UID numérico como un nombre de usuario potencial, lo que permite a usuarios locales obtener privilegios a través de un nombre de usuario numérico en el archivo password en un contenedor. It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html http://rhn.redhat.com/errata/RHSA-2016-1034.html http://rhn.redhat.com/errata/RHSA-2016-2634.html https://github.com/docker/docker/issues/21436 https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091 https://github.com/opencontainers/runc/pull/708 https://github.com/opencontainers/runc/releases/tag/v0.1.0 https://security.gentoo.org/glsa/201612-28 https://access.redhat.com/security/cve/CVE- • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2099
https://notcve.org/view.php?id=CVE-2016-2099
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. Vulnerabilidad de uso después de liberación de memoria en validators/DTD/DTDScanner.cpp en Apache Xerces C++ 3.1.3 y versiones anteriores permite a atacantes dependientes de contexto tener un impacto no especificado a través de un carácter inválido en un documento XML. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00016.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html http://www.debian.org/security/2016/dsa-3579 http://www.openwall.com/lists/oss-security/2016/05/09/7 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/90502 https://issues.apache.org/jira/browse/XERCESC-2066 https://security.gento •
CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 0CVE-2015-8863 – jq: heap-buffer-overflow in tokenadd() function
https://notcve.org/view.php?id=CVE-2015-8863
Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. Error por un paso en la función tokenadd en jv_parse.c en jq permite a atacantes remotos provocar una denegación de servicio (caída) a través de un número largo codificado en JSON, lo que desencadena un desbordamiento de buffer basado en memoria dinámica. A heap-based buffer overflow flaw was found in jq's tokenadd() function. By tricking a victim into processing a specially crafted JSON file, an attacker could use this flaw to crash jq or, potentially, execute arbitrary code on the victim's system. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00012.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00014.html http://rhn.redhat.com/errata/RHSA-2016-1098.html http://rhn.redhat.com/errata/RHSA-2016-1099.html http://rhn.redhat.com/errata/RHSA-2016-1106.html http://www.openwall.com/lists/oss-security/2016/04/23/1 http://www.openwall.com/lists/oss-security/2016/04/23/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802231 https://github. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •