CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2016-2347
https://notcve.org/view.php?id=CVE-2016-2347
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. Desbordamiento de enteros en la función decode_level3_header en lib/lha_file_header.c in Lhasa en versiones anteriores a 0.3.1 permite a los atacantes remotos ejecuta el código arbitrario a través de un archivo manipulado. • http://lists.opensuse.org/opensuse-updates/2016-04/msg00038.html http://lists.opensuse.org/opensuse-updates/2016-04/msg00039.html http://www.debian.org/security/2016/dsa-3540 http://www.talosintelligence.com/reports/TALOS-2016-0095 https://github.com/fragglet/lhasa/commit/6fcdb8f1f538b9d63e63a5fa199c5514a15d4564 https://github.com/fragglet/lhasa/releases/tag/v0.3.1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 3%CPEs: 11EXPL: 0CVE-2016-3630
https://notcve.org/view.php?id=CVE-2016-3630
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. El decodificador delta binario en Mercurial en versiones anteriores a 3.7.3 permite a atacantes remotos ejecutar código arbitrario a través de un comando (1) clone, (2) push o (3) pull, relacionado con (a) un error de redondeo del tamaño de lista y (b) registros cortos. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html http://www.debian.org/security/2016/dsa-3542 http • CWE-19: Data Processing Errors •
CVSS: 8.8EPSS: 5%CPEs: 18EXPL: 0CVE-2016-3068 – mercurial: command injection via git subrepository urls
https://notcve.org/view.php?id=CVE-2016-3068
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. Mercurial en versiones anteriores a 3.7.3 permite a atacantes remotos ejecutar código arbitrario a través de una URL git ext:: manipulada cuando se clona un subrepositorio. It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html http://rhn.redhat.com/errata/RHSA-2016-0706.html&# • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 4%CPEs: 18EXPL: 0CVE-2016-3069 – mercurial: convert extension command injection via git repository names
https://notcve.org/view.php?id=CVE-2016-3069
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. Mercurial en versiones anteriores a 3.7.3 permite a atacantes remotos ejecutar código arbitrario a través de un nombre manipulado cuando se convierte un repositorio Git. It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html http://rhn.redhat.com/errata/RHSA-2016-0706.html&# • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-3679 – chromium-browser: multiple unspecified vulnerabilities
https://notcve.org/view.php?id=CVE-2016-3679
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 en versiones anteriores a 4.9.385.33, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0525.html http://www.securitytracker.com/id/1035423 http://www.ubuntu.com/usn/USN-2955-1 https://access.redhat.com/security/cve/CVE-2016-3679 https: •