CVSS: 5.9EPSS: 8%CPEs: 37EXPL: 0CVE-2016-4955 – Ubuntu Security Notice USN-3096-1
https://notcve.org/view.php?id=CVE-2016-4955
06 Jun 2016 — ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. ntpd en NTP 4.x en versiones anteriores a 4.2.8p8, cuando está habilitada la autoclave, permite a atacantes remotos provocar una denegación de servicio (limpiando el par variable y corte de asociación) enviando (1) un paquete crypto-NAK manipulado ... • http://bugs.ntp.org/3043 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 3%CPEs: 37EXPL: 0CVE-2016-4956 – HPE Security Bulletin HPESBHF03757 1
https://notcve.org/view.php?id=CVE-2016-4956
06 Jun 2016 — ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (transición de modo intercalado y cambio de hora) a través de un paquete de difusión manipulado. NOTA: esta vulnerabilidad existe debido a una solución inco... • http://bugs.ntp.org/3042 •
CVSS: 7.5EPSS: 62%CPEs: 14EXPL: 0CVE-2016-4957 – HPE Security Bulletin HPESBHF03757 1
https://notcve.org/view.php?id=CVE-2016-4957
06 Jun 2016 — ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. ntpd en NTP en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un paquete crypto-NAK. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2016-1547. Potential security vulnerabilities with NTP have been addresse... • http://bugs.ntp.org/3046 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 21EXPL: 0CVE-2016-4482 – Ubuntu Security Notice USN-3016-4
https://notcve.org/view.php?id=CVE-2016-4482
23 May 2016 — The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. La función proc_connectinfo en drivers/usb/core/devio.c en el kernel de Linux hasta la versión 4.6 no inicializa una estructura de datos determinada, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a tr... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 20EXPL: 2CVE-2016-4486 – Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure
https://notcve.org/view.php?id=CVE-2016-4486
23 May 2016 — The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. La función rtnl_fill_link_ifmap en net/core/rtnetlink.c en el kernel de Linux en versiones anteriores a 4.5.5 no inicializa una estructura de datos determinada, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila leyendo u... • https://packetstorm.news/files/id/150840 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2016-4569 – kernel: Information leak in Linux sound module in timer.c
https://notcve.org/view.php?id=CVE-2016-4569
23 May 2016 — The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. La función snd_timer_user_params en sound/core/timer.c en el kernel de Linux hasta la versión 4.6 no inicializa una estructura de datos determinada, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a través... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2016-4805 – Ubuntu Security Notice USN-3021-2
https://notcve.org/view.php?id=CVE-2016-4805
23 May 2016 — Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. Vulnerabilidad de uso después de liberación de memoria en drivers/net/ppp/ppp_generic.c en el kernel de Linux en versiones anteriores a 4.5.2 permite a usuarios local... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 • CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2016-3689 – Ubuntu Security Notice USN-2970-1
https://notcve.org/view.php?id=CVE-2016-3689
02 May 2016 — The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface. La función ims_pcu_parse_cdc_data en drivers/input/misc/ims-pcu.c en el kernel de Linux en versiones anteriores a 4.5.1 permite a atacantes físicamente próximos provocar una denegación de servicio (caída de sistema) a través de un dispositivo USB sin interfaz para un... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff •
CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0CVE-2016-3951 – Ubuntu Security Notice USN-3002-1
https://notcve.org/view.php?id=CVE-2016-3951
02 May 2016 — Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. Vulnerabilidad de liberación de memoria doble en drivers/net/usb/cdc_ncm.c en el kernel de Linux en versiones anteriores a 4.5 permite a atacantes físicamente próximos provocar una denegación de servicio (caída de sistema) o posiblemente tener ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b •
CVSS: 8.1EPSS: 0%CPEs: 32EXPL: 0CVE-2016-0363 – JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix
https://notcve.org/view.php?id=CVE-2016-0363
30 Apr 2016 — The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html • CWE-20: Improper Input Validation •