CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8948
https://notcve.org/view.php?id=CVE-2015-8948
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. idn en GNU libidn en versiones anteriores a 1.33 podría permitir a atacantes remotos obtener información de memoria sensible mediante la lectura de un byte cero como entrada, lo que desencadena una lectura fuera de rango. • http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041 http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html http://www.debian.org/security/2016/dsa-3658 http://www.openwall.com/lists/oss-security/2016/07/20/6 http://www.openwall.com/lists/oss-security/2016/07/21/4 http://www.securityfocus.com/bid/92070 http://www.ubuntu.com/usn/USN-3068-1 https://lists& • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-6261
https://notcve.org/view.php?id=CVE-2016-6261
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. La función idna_to_ascii_4i en lib/idna.c en libidn en versiones anteriores a 1.33 permite a atacantes dependientes del contexto provocar una denegación de servicio (lectura fuera de límites y caída) a través de 64 bytes de entrada. • http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html http://www.debian.org/security/2016/dsa-3658 http://www.openwall.com/lists/oss-security/2016/07/20/6 http://www.openwall.com/lists/oss-security/2016/07/21/4 http://www.securityfocus.com/bid/92070 http://www.ubuntu.com/usn/USN-3068-1 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cis • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-6262
https://notcve.org/view.php?id=CVE-2016-6262
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948. idn en libidn en versiones anteriores a 1.33 podría permitir a atacantes remotos obtener información de memoria sensible mediante la lectura de un byte cero como entrada, lo que desencadena una lectura fuera de límites, una vulnerabilidad diferente a CVE-2015-8948. • http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60 http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html http://www.openwall.com/lists/oss-security/2016/07/20/6 http://www.openwall.com/lists/oss-security/2016/07/21/4 http://www.securityfocus.com/bid/92070 http://www.ubuntu.com/usn/USN-3068-1 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 29EXPL: 2CVE-2016-6855 – Eye of Gnome 3.10.2 - GMarkup Out of Bounds Write
https://notcve.org/view.php?id=CVE-2016-6855
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. Eye of GNOME (también conocido como eog) 3.16.5, 3.17.x, 3.18.x en versiones anteriores a 3.18.3, 3.19.x y 3.20.x en versiones anteriores a 3.20.4, cuando es utilizado con glib en versiones anteriores a 2.44.1, permiten a atacantes remotos provocar una denegación de servicio (escritura fuera de límites y caída) a través de vectores que involucran paso UTF-8 inválido para GMarkup. Gnome Eye of Gnome version 3.10.2 suffers from an out-of-bounds write vulnerability. • https://www.exploit-db.com/exploits/40291 http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html http://www.securityfocus.com/bid/92616 http://www.ubuntu.com/usn/USN-3069-1 https://bugzilla.gnome.org/show_bug.cgi?id=770143 https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4 https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5 https:/& • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5420 – curl: Re-using connection with wrong client cert
https://notcve.org/view.php?id=CVE-2016-5420
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. curl y libcurl en versiones anteriores a 7.50.1 no verifica el certificado de cliente cuando se está escogiendo la conexión TLS para reutilizar, lo que podría permitir a atacantes remotos secuestrar la autenticación de la conexión aprovechando una conexión previamente creada con un certificado de cliente diferente. It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html http://rhn.redhat.com/errata/RHSA-2016-2575.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.debian.org/security/2016/dsa-3638 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/92309 http://www.securitytracker.com/id/1036537 http://www.securitytracker.com/id/1036739 http:// • CWE-285: Improper Authorization CWE-295: Improper Certificate Validation •