CVSS: 8.1EPSS: 32%CPEs: 18EXPL: 0CVE-2016-5388 – Tomcat: CGI sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5388
19 Jul 2016 — Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat... • http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 61%CPEs: 52EXPL: 0CVE-2016-5387 – HTTPD: sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5387
18 Jul 2016 — The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID fo... • http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 2%CPEs: 15EXPL: 3CVE-2016-5844 – libarchive: undefined behaviour (integer overflow) in iso parser
https://notcve.org/view.php?id=CVE-2016-5844
14 Jul 2016 — Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. Desbordamiento de entero en el analizador ISO en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo ISO manipulado. Undefined behavior (signed integer overflow) was discovered in libarchive, in the ISO parser. A crafted file could potentially cause den... • http://rhn.redhat.com/errata/RHSA-2016-1844.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0CVE-2016-4809 – libarchive: Memory allocate error with symbolic links in cpio archives
https://notcve.org/view.php?id=CVE-2016-4809
14 Jul 2016 — The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. La función archive_read_format_cpio_read_header en archive_read_support_format_cpio.c en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos provocar denegación de servicio (caída de aplicación) a través de un archivo CPIO con un enlace simbólico grande. A vulnera... • http://rhn.redhat.com/errata/RHSA-2016-1844.html • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2016-4470 – kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
https://notcve.org/view.php?id=CVE-2016-4470
27 Jun 2016 — The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. La función key_reject_and_link en security/keys/key.c en el kernel de Linux hasta la versión 4.6.3 no asegura que cierta estructura de datos esté inicializada, lo que permite a usuarios locales provocar una denegación de servicio (caí... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a • CWE-253: Incorrect Check of Function Return Value •
CVSS: 9.8EPSS: 12%CPEs: 39EXPL: 0CVE-2016-2177 – openssl: Possible integer overflow vulnerabilities in codebase
https://notcve.org/view.php?id=CVE-2016-2177
20 Jun 2016 — OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. OpenSSL hasta la versión 1.0.2h no utiliza correctamente la aritmética de puntero para comprobaciones de límites de buffer de memoria dinámica, lo que podría permitir a atacantes remo... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 0CVE-2016-2178 – openssl: Non-constant time codepath followed for certain operations in DSA implementation
https://notcve.org/view.php?id=CVE-2016-2178
20 Jun 2016 — The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. La función dsa_sign_setup en crypto/dsa/dsa_ossl.c en OpenSSL hasta la versión 1.0.2h no asegura correctamente la utilización de operaciones de tiempo constante, lo que facilita a usuarios locales descubrir una clave privada DSA a través de un ataque de sincronización ... • http://eprint.iacr.org/2016/594.pdf • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •
CVSS: 6.5EPSS: 0%CPEs: 25EXPL: 0CVE-2015-8896 – ImageMagick: Integer truncation vulnerability in coders/pict.c
https://notcve.org/view.php?id=CVE-2015-8896
17 Jun 2016 — Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. Problema de truncamiento de entero en coders/pict.c en ImageMagick en versiones anteriores a 7.0.5-0 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un archivo .pict manipulado. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple... • http://www.openwall.com/lists/oss-security/2015/10/07/2 •
CVSS: 10.0EPSS: 56%CPEs: 24EXPL: 0CVE-2016-5118 – ImageMagick: Remote code execution via filename
https://notcve.org/view.php?id=CVE-2016-5118
30 May 2016 — The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. La función OpenBlob en blob.c en GraphicsMagick en versiones anteriores a 1.3.24 y ImageMagick permite a atacantes remotos ejecutar código arbitrario a través del caractér | (tubería) en el inicio del nombre de archivo. It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processe... • http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 42EXPL: 0CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
27 May 2016 — Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an atta... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-134: Use of Externally-Controlled Format String •