CVE-2015-4645
https://notcve.org/view.php?id=CVE-2015-4645
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162171.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162226.html
http://www.securityfocus.com/bid/75272
https://bugzilla.redhat.com/show_bug.cgi?id=1234886
https://github.com/devttys0/sasquatch/pull/5
https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1
https://security.gentoo.org/glsa/201701-73
CWE-190: Integer Overflow or Wraparound
CVE-2016-2312
https://notcve.org/view.php?id=CVE-2016-2312
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when a screen is turned on again.
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177454.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177557.html
https://bugs.kde.org/show_bug.cgi?id=358125
https://bugzilla.opensuse.org/show_bug.cgi?id=964548
https://www.kde.org/info/security/advisory-20160209-1.txt
CWE-254: 7PK - Security Features
CVE-2016-1544
https://notcve.org/view.php?id=CVE-2016-1544
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177308.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177666.html
https://bugzilla.redhat.com/show_bug.cgi?id=1308461
https://github.com/nghttp2/nghttp2/compare/v1.7.0...v1.7.1
https://github.com/nghttp2/nghttp2/releases/tag/v1.7.1
https://security.gentoo.org/glsa/201612-13
CWE-400: Uncontrolled Resource Consumption
CVE-2016-0721 – pcs: cookies are not invalidated upon logout
https://notcve.org/view.php?id=CVE-2016-0721
Session fixation vulnerability in pcsd in pcs before 0.9.157. It was found that pcsd did not invalidate cookies on the server side when a user logged out. This could potentially allow an attacker to perform session fixation attacks on pcsd.
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178261.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178384.html
http://rhn.redhat.com/errata/RHSA-2016-2596.html
http://www.securityfocus.com/bid/97977
https://bugzilla.redhat.com/show_bug.cgi?id=1299615
https://github.com/ClusterLabs/pcs/commit/acdbbe8307e6f4a36b2c7754765e732e43fe8d17
https://github.com/ClusterLabs/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774
https://github.com/ClusterLabs/pcs/commit/e9b28833d54a47ec441f6
CWE-384: Session Fixation
CVE-2016-0720 – pcs: Cross-Site Request Forgery in web UI
https://notcve.org/view.php?id=CVE-2016-0720
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. A Cross-Site Request Forgery (CSRF) flaw was found in the pcsd web UI. A remote attacker could provide a specially crafted web page that, when visited by a user with a valid pcsd session, would allow the attacker to trigger requests on behalf of the user, for example removing resources or restarting/removing nodes.
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178261.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178384.html
http://rhn.redhat.com/errata/RHSA-2016-2596.html
http://www.securityfocus.com/bid/97984
https://bugzilla.redhat.com/show_bug.cgi?id=1299614
https://github.com/ClusterLabs/pcs/commit/b9e7f061788c3b86a0c67d2d4158f067ec5eb625
https://access.redhat.com/security/cve/CVE-2016-0720
CWE-352: Cross-Site Request Forgery (CSRF)