CVSS: 8.8 • EPSS: 0% • CPEs: 11 • EXPL: 0

14 Nov 2016 — SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context ... • http://rhn.redhat.com/errata/RHSA-2016-2702.html • CWE-284: Improper Access Control

CVSS: 9.8 • EPSS: 1% • CPEs: 3 • EXPL: 0

01 Nov 2016 — The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. ... • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read

CVSS: 9.8 • EPSS: 3% • CPEs: 2 • EXPL: 0

01 Nov 2016 — The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. Tobias Stoeckmann discovered that libx11 incorrectly handled certain i... • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-264: Permissions, Privileges, and Access Controls • CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 3% • CPEs: 2 • EXPL: 0

01 Nov 2016 — The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. Tobias Stoeckmann discovered that libx11 incorrectly handled certain images. An atta... • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Nov 2016 — Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. Tobias S... • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-190: Integer Overflow or Wraparound • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 1% • CPEs: 3 • EXPL: 0

01 Nov 2016 — Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. Tobias Stoeckmann discovered that libXi did not properly manage... • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-125: Out-of-bounds Read • CWE-190: Integer Overflow or Wraparound

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Nov 2016 — X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. Multiple vulnerabilities have been found in X.Org server and libraries, the worst of which allows local attackers to execute arbitrary code. Versions less than 1.19.2 are affected. • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-284: Improper Access Control

CVSS: 9.8 • EPSS: 2% • CPEs: 3 • EXPL: 0

01 Nov 2016 — Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. Tobias Stoeckmann discovered that libXrandr incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of servic... • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 2% • CPEs: 3 • EXPL: 0

01 Nov 2016 — X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. Multiple vulnerabilities have been found in X.Org server and libraries, the worst of which allows local attackers to execute arbitrary code. Versions less than 1.19.2 are affected. • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 4% • CPEs: 3 • EXPL: 0

01 Nov 2016 — Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. ... • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-20: Improper Input Validation • CWE-787: Out-of-bounds Write