CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7950 – Gentoo Linux Security Advisory 201704-03
https://notcve.org/view.php?id=CVE-2016-7950
01 Nov 2016 — The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. La función XRenderQueryFilters en X.org libXrender en versiones anteriores a 0.9.10 permite a servidores remotos X desencadenar operaciones de escritura fuera de límites a través de vectores que involucran la longitud de los nombres de filtro. Multiple vulnerabilities have been found in X.Org server and libraries, the worse of which a... • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7951 – Slackware Security Advisory - x11 Updates
https://notcve.org/view.php?id=CVE-2016-7951
01 Nov 2016 — Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. Múltiples desbordamientos de entero en X.org libXtst en versiones anteriores a 1.2.3 permiten a servidores remotos X desencadenar operaciones de acceso a memoria fuera de límites aprovechando la falta de controles de alcance. New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issue... • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7952 – Slackware Security Advisory - x11 Updates
https://notcve.org/view.php?id=CVE-2016-7952
01 Nov 2016 — X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. X.org libXtst en versiones anteriores a 1.2.3 permite a servidores remotos X provocar una denegación de servicio (bucle infinito) a través de una respuesta en la categoría (1) XRecordStartOfData, (2) XRecordEndOfData o (3) XRecordClientDied sin una secuencia cliente ... • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7953 – Gentoo Linux Security Advisory 201704-03
https://notcve.org/view.php?id=CVE-2016-7953
01 Nov 2016 — Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. Desbordamiento inferior de búfer en X.org libXvMC en versiones anteriores a 1.0.10 permite a servidores remotos X tener un impacto no especificado a través de una cadena vacía. Multiple vulnerabilities have been found in X.Org server and libraries, the worse of which allowing local attackers to execute arbitrary code. Versions less than 1.19.2 are affected. • http://www.openwall.com/lists/oss-security/2016/10/04/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 36EXPL: 0CVE-2016-9013 – Ubuntu Security Notice USN-3115-1
https://notcve.org/view.php?id=CVE-2016-9013
01 Nov 2016 — Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary. Django 1.8.x en versiones anteriores a 1.8.16, 1.9.x en versiones anteriores a 1.9.11 y 1.10.x en versiones anteriores a 1.10.3 utiliza una contraseña em... • http://www.debian.org/security/2017/dsa-3835 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.1EPSS: 2%CPEs: 36EXPL: 0CVE-2016-9014 – Ubuntu Security Notice USN-3115-1
https://notcve.org/view.php?id=CVE-2016-9014
01 Nov 2016 — Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. Django en versiones anteriores a 1.8.x en versiones anteriores a 1.8.16, 1.9.x en versiones anteriores a 1.9.11 y 1.10.x en versiones anteriores a 1.10.3 cuando settings.DEBUG es True, permiten a atacantes remotos llevar a cabo ataques de revinculación DNS a... • http://www.debian.org/security/2017/dsa-3835 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 94%CPEs: 41EXPL: 66CVE-2016-5195 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2016-5195
20 Oct 2016 — Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." La condición de carrera en mm / gup.c en el kernel de Linux 2.x a 4.x antes de 4.8.3 permite a los usuarios locales obtener privilegios aprovechando el manejo incorrecto de una función copy-on-write (COW) para escribir en un read- on... • https://packetstorm.news/files/id/139922 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-7966 – Ubuntu Security Notice USN-3100-1
https://notcve.org/view.php?id=CVE-2016-7966
12 Oct 2016 — Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. A través de una URL maliciosa que contenía un caracter de comillas era posible inyectar código HTML en el visor de texto plano de KMail. ... • http://lists.opensuse.org/opensuse-updates/2016-10/msg00065.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2016-6323 – Ubuntu Security Notice USN-3239-3
https://notcve.org/view.php?id=CVE-2016-6323
07 Oct 2016 — The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. La función makecontext en GNU C Library (también conocido como glibc o libc6) en versiones anteriores a 2.25 crea contexto de ejecución incompatibles con el desbobinador en ... • http://lists.opensuse.org/opensuse-updates/2016-10/msg00009.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-5177 – chromium-browser: use after free in v8
https://notcve.org/view.php?id=CVE-2016-5177
05 Oct 2016 — Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de linberación en V8 en Google Chrome anterior a la versión 53.0.2785.143, permite a atacantes remotos provocar una denegación de servicio (bloqueo) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. A use-after-free was discovered in the V8 bindings ... • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html • CWE-416: Use After Free •