CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7953 – Gentoo Linux Security Advisory 201704-03
https://notcve.org/view.php?id=CVE-2016-7953
01 Nov 2016 — Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. Desbordamiento inferior de búfer en X.org libXvMC en versiones anteriores a 1.0.10 permite a servidores remotos X tener un impacto no especificado a través de una cadena vacía. Multiple vulnerabilities have been found in X.Org server and libraries, the worse of which allowing local attackers to execute arbitrary code. Versions less than 1.19.2 are affected. • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 36EXPL: 0CVE-2016-9013 – Ubuntu Security Notice USN-3115-1
https://notcve.org/view.php?id=CVE-2016-9013
01 Nov 2016 — Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary. Django 1.8.x en versiones anteriores a 1.8.16, 1.9.x en versiones anteriores a 1.9.11 y 1.10.x en versiones anteriores a 1.10.3 utiliza una contraseña em... • http://www.debian.org/security/2017/dsa-3835 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.1EPSS: 2%CPEs: 36EXPL: 0CVE-2016-9014 – Ubuntu Security Notice USN-3115-1
https://notcve.org/view.php?id=CVE-2016-9014
01 Nov 2016 — Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. Django en versiones anteriores a 1.8.x en versiones anteriores a 1.8.16, 1.9.x en versiones anteriores a 1.9.11 y 1.10.x en versiones anteriores a 1.10.3 cuando settings.DEBUG es True, permiten a atacantes remotos llevar a cabo ataques de revinculación DNS a... • http://www.debian.org/security/2017/dsa-3835 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 94%CPEs: 41EXPL: 66CVE-2016-5195 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2016-5195
20 Oct 2016 — Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." La condición de carrera en mm / gup.c en el kernel de Linux 2.x a 4.x antes de 4.8.3 permite a los usuarios locales obtener privilegios aprovechando el manejo incorrecto de una función copy-on-write (COW) para escribir en un read- on... • https://packetstorm.news/files/id/139922 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2016-6323 – Ubuntu Security Notice USN-3239-3
https://notcve.org/view.php?id=CVE-2016-6323
07 Oct 2016 — The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. La función makecontext en GNU C Library (también conocido como glibc o libc6) en versiones anteriores a 2.25 crea contexto de ejecución incompatibles con el desbobinador en ... • http://lists.opensuse.org/opensuse-updates/2016-10/msg00009.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-5177 – chromium-browser: use after free in v8
https://notcve.org/view.php?id=CVE-2016-5177
05 Oct 2016 — Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de linberación en V8 en Google Chrome anterior a la versión 53.0.2785.143, permite a atacantes remotos provocar una denegación de servicio (bloqueo) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. A use-after-free was discovered in the V8 bindings ... • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-5178 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-5178
05 Oct 2016 — Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 53.0.2785.143 permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted... • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6153 – Ubuntu Security Notice USN-4019-2
https://notcve.org/view.php?id=CVE-2016-6153
26 Sep 2016 — os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. os_unix.c en SQLite en versiones anteriores a 3.13.0 no implementa correctamente el algoritmo de búsqueda de directorio temporal, lo que podría permitir a usuarios locales obtener información sensibl... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 1CVE-2016-7163 – openjpeg: Integer overflow in opj_pi_create_decode
https://notcve.org/view.php?id=CVE-2016-7163
21 Sep 2016 — Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. Desbordamiento de entero en la función opj_pi_create_decode en pi.c en OpenJPEG permite a atacantes remotos ejecutar código arbitrario a través de un archivo JP2 manipulado, lo que desencadena una lectura o escritura fuera de límites. An integer overflow, leading to a heap buffer overflow, was found in OpenJPEG. An ... • http://rhn.redhat.com/errata/RHSA-2017-0559.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2016-7167 – curl: escape and unescape integer overflows
https://notcve.org/view.php?id=CVE-2016-7167
16 Sep 2016 — Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en las funciones (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape y (4) curl_easy_unescape en libcurl en versiones anteriores a 7.50.3 permiten a atacantes tener impacto no especificado a tra... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-190: Integer Overflow or Wraparound •