CVE-2015-4645
https://notcve.org/view.php?id=CVE-2015-4645
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. Desbordamiento de enteros en la función read_fragment_table_4 en unsquash-4.c en Squashfs y sasquatch permite que atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una entrada manipulada, lo que desencadena un desbordamiento de búfer basado en pila. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162171.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162226.html http://www.securityfocus.com/bid/75272 https://bugzilla.redhat.com/show_bug.cgi?id=1234886 https://github.com/devttys0/sasquatch/pull/5 https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1 https://security.gentoo.org/glsa/201701-73 • CWE-190: Integer Overflow or Wraparound •
CVE-2016-1238
https://notcve.org/view.php?id=CVE-2016-1238
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL y (25) utils/splain.PL en Perl 5.x en versiones anteriores a 5.22.3-RC2 y 5.24 en versiones anteriores a 5.24.1 1-RC2 no elimina adecuadamente caracteres . (period) del final de la matriz de directorio incluida, lo que podría permitir a usuarios locales obtener privilegios a través de un módulo Troyano bajo el directorio de trabajo actual. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab http://www.debian.org/security/2016/dsa-3628 http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html http://www.securityfocus.com/bid/92136 http://www.securitytracker.com/id/1036440 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 https://lists.apache.org/thread.html/7f6a16bc0fd0fd5 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-3192 – Framework: denial-of-service attack with XML input
https://notcve.org/view.php?id=CVE-2015-3192
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. Pivotal Spring Framework en versiones anteriores a 3.2.14 y 4.x en versiones anteriores a 4.1.7 no procesa correctamente las declaraciones DTD en línea cuando DTD no está completamente desactivado, lo que permite a atacantes remotos provocar una caída de servicio (consumo de memoria y errores fuera de rango) a través de un archivo XML manipulado. A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html http://pivotal.io/security/cve-2015-3192 http://rhn.redhat.com/errata/RHSA-2016-1592.html http://rhn.redhat.com/errata/RHSA-2016-1593.html http://rhn.redhat.com/errata/RHSA-2016-2035.html http://rhn.redhat.com/errata/RHSA-2016-2036.html http://www.securityfocus.com/bid/90853 http://www.securitytracker.com/id/1036587 ht • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3146
https://notcve.org/view.php?id=CVE-2015-3146
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet. Los manejadores de paquete (1) SSH_MSG_NEWKEYS y (2) SSH_MSG_KEXDH_REPLY en package_cb.c en libssh en versiones anteriores a 0.6.5 no valida correctamente el estado, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un paquete SSH manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161802.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158013.html http://www.debian.org/security/2016/dsa-3488 http://www.ubuntu.com/usn/USN-2912-1 https://git.libssh.org/projects/libssh.git/commit/?h=libssh-0.6.5&id=94f6955fbaee6fda9385a23e505497efe21f5b4f https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release https://www.libssh.org/security/advisories/CVE-2015-3146.txt •
CVE-2015-6566
https://notcve.org/view.php?id=CVE-2015-6566
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. zarafa-autorespond en Zarafa Collaboration Platform (ZCP) en versiones anteriores a 7.2.1 permite a usuarios locales obtener privilegios a través de un ataque de enlace simbólico en /tmp/zarafa-vacation-*. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172605.html https://download.zarafa.com/community/final/7.2/final-changelog-7.2.txt https://jira.zarafa.com/browse/ZCP-13533 https://jira.zarafa.com/browse/ZCP-13572 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •