CVSS: 6.5EPSS: 1%CPEs: 15EXPL: 1CVE-2016-6170
https://notcve.org/view.php?id=CVE-2016-6170
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. ISC BIND hasta la versión 9.9.9-P1, 9.10.x hasta la versión 9.10.4-P1 y 9.11.x hasta la versión 9.11.0b1 permite a servidores DNS primarios provocar una denegación de servicio (caída de servidor DNS secundario) a través de una respuesta AXFR grande, y posiblemente permite a servidores IXFR provocar una denegación de servicio (caída de cliente IXFR) a través de una respuesta IXFR grande y permite a usuarios remotos autenticados provocar una denegación de servicio (caída de servidor DNS primario) a través de un mensaje UPDATE grande. • http://www.openwall.com/lists/oss-security/2016/07/06/3 http://www.securityfocus.com/bid/91611 http://www.securitytracker.com/id/1036241 https://bugzilla.redhat.com/show_bug.cgi?id=1353563 https://github.com/sischkg/xfer-limit/blob/master/README.md https://kb.isc.org/article/AA-01390 https://kb.isc.org/article/AA-01390/169/CVE-2016-6170 https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html https://lists.dns-oarc.net/pipermail/dns-operations&# • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 24%CPEs: 62EXPL: 2CVE-2016-5766 – gd: Integer overflow in _gd2GetHeader() resulting in heap overflow
https://notcve.org/view.php?id=CVE-2016-5766
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. Desbordamiento de entero en la función _gd2GetHeader en gd_gd2.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.3, como se utiliza en PHP en versiones anteriores a 5.5.37, 5.6.x en versiones anteriores a 5.6.23 y 7.x en versiones anteriores a 7.0.8, permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de aplicación) o posiblemente tener otro impacto no especificado a través de dimensiones del pedazo en una imagen manipulada. An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image. • http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1 http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2598.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/securit • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2141 – JGroups: Authorization bypass
https://notcve.org/view.php?id=CVE-2016-2141
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. JGroups en versiones anteriores a 4.0 no solicita las cabeceras adecuadas para los protocolos ENCRYPT y AUTH desde los nodos uniéndose al grupo, lo que permite a atacantes remotos eludir las restricciones de seguridad y enviar y recibir mensajes dentro del grupo a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-1435.html http://rhn.redhat.com/errata/RHSA-2016-1439.html http://rhn.redhat.com/errata/RHSA-2016-2035.html http://www.securityfocus.com/bid/91481 http://www.securitytracker.com/id/1036165 https://access.redhat.com/errata/RHSA-2016:1345 https://access.redhat.com/errata/RHSA-2016:1346 https://access.redhat.com/errata/RHSA-2016:1347 https://access.redhat.com/errata/RHSA-2016:1374 https://access.redhat.com/errata/RHSA-2016:1376& •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2016-4428 – python-django-horizon: XSS in client side template
https://notcve.org/view.php?id=CVE-2016-4428
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. Vulnerabilidad de XSS en OpenStack Dashboard (Horizon) 8.0.1 y versiones anteriores y 9.0.0 hasta la versión 9.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrario inyectando una plantilla AngularJS en un formulario del cuadro de mandos. A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form (for example, using an image's description), triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised (for example, user-access credentials being stolen). • http://www.debian.org/security/2016/dsa-3617 http://www.openwall.com/lists/oss-security/2016/06/17/4 https://access.redhat.com/errata/RHSA-2016:1268 https://access.redhat.com/errata/RHSA-2016:1269 https://access.redhat.com/errata/RHSA-2016:1270 https://access.redhat.com/errata/RHSA-2016:1271 https://access.redhat.com/errata/RHSA-2016:1272 https://bugs.launchpad.net/horizon/+bug/1567673 https://review.openstack.org/329996 https://review.openstack.org/329997 https&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 19EXPL: 0CVE-2016-2150 – spice: Host memory access from guest with invalid primary surface parameters
https://notcve.org/view.php?id=CVE-2016-2150
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. SPICE permite a usuarios invitados locales del sistema operativo leer de o escribir a localizaciones de memoria de acogidas arbitrarias a través de parámetros de superficie primaria manipulados, un problema similar a CVE-2015-5261. A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html http://www.debian.org/security/2016/dsa-3596 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.ubuntu.com/usn/USN-3014-1 https://access.redhat.com/errata/RHSA-2016:1204 https://access.redhat.com/errata/RHSA-2016:1205 https://bugzilla.redhat.com/show_bug.cgi?id=1313496 https://security.gentoo.org/glsa/201606& • CWE-284: Improper Access Control •