CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2016-5178 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-5178
05 Oct 2016 — Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 53.0.2785.143 permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos A use-after-free was discovered in the V8 bindings in Blink. If a user were tricked in to opening a specially crafted... • http://lists.opensuse.org/opensuse-updates/2016-10/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6494
https://notcve.org/view.php?id=CVE-2016-6494
03 Oct 2016 — The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. El cliente en MongoDB utiliza permisos accesibles a todos en archivos históricos .dbshell, lo que podría permitir a usuarios locales obtener información sensible leyendo estos archivos. • http://www.openwall.com/lists/oss-security/2016/07/29/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 36EXPL: 0CVE-2016-7405 – Ubuntu Security Notice USN-6825-1
https://notcve.org/view.php?id=CVE-2016-7405
03 Oct 2016 — The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. El método qstr en el controlador PDO en el ADOdb Library para PHP en versiones anteriores a 5.x en versiones anteriores a 5.20.7 podría permitir a atacantes llevar a cabo ataques de inyección SQL a través de vectores relacionados con una citación incorrecta. It was discovered that the PDO driver in ADOdb was incorrectl... • http://www.openwall.com/lists/oss-security/2016/09/07/8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 1CVE-2016-7163 – openjpeg: Integer overflow in opj_pi_create_decode
https://notcve.org/view.php?id=CVE-2016-7163
21 Sep 2016 — Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. Desbordamiento de entero en la función opj_pi_create_decode en pi.c en OpenJPEG permite a atacantes remotos ejecutar código arbitrario a través de un archivo JP2 manipulado, lo que desencadena una lectura o escritura fuera de límites. An integer overflow, leading to a heap buffer overflow, was found in OpenJPEG. An ... • http://rhn.redhat.com/errata/RHSA-2017-0559.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2016-7167 – curl: escape and unescape integer overflows
https://notcve.org/view.php?id=CVE-2016-7167
16 Sep 2016 — Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en las funciones (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape y (4) curl_easy_unescape en libcurl en versiones anteriores a 7.50.3 permiten a atacantes tener impacto no especificado a tra... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 6%CPEs: 5EXPL: 0CVE-2016-5157 – chromium-browser: heap overflow in pdfium
https://notcve.org/view.php?id=CVE-2016-5157
11 Sep 2016 — Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data. Desbordamiento de búfer basado en memoria dinámica en la función opj_dwt_interleave_v en dwt.c en OpenJPEG, tal como se utiliza en PDFium en Google Chrome en versiones anteriores a 53.0.2785.89 en Windows y SO X y en v... • http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5404 – ipa: Insufficient privileges check in certificate revocation
https://notcve.org/view.php?id=CVE-2016-5404
01 Sep 2016 — The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. El comando cert_revoke en FreeIPA no realiza comprobaciones para el permiso "certificado de revocación", lo que permite a usuarios remotos autenticados revocar certificados arbitrarios aprovechando el permiso "certificado de recuperación". An insufficient permission check issue was found in the... • http://rhn.redhat.com/errata/RHSA-2016-1797.html • CWE-284: Improper Access Control CWE-285: Improper Authorization •
CVSS: 4.9EPSS: 13%CPEs: 7EXPL: 0CVE-2016-3320
https://notcve.org/view.php?id=CVE-2016-3320
09 Aug 2016 — Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass." Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 permiten a atacantes eludir el mecanismo de protección Secure Boot aprovechando el acceso (1) administrativo o (2... • http://www.securityfocus.com/bid/92304 • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 0%CPEs: 253EXPL: 0CVE-2016-1238 – Gentoo Linux Security Advisory 201812-07
https://notcve.org/view.php?id=CVE-2016-1238
25 Jul 2016 — (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Modul... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2016-2090 – Ubuntu Security Notice USN-4243-1
https://notcve.org/view.php?id=CVE-2016-2090
20 Jul 2016 — Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. Vulnerabilidad de error por un paso en la función fgetwln en libbsd en versiones anteriores a 0.8.2 permite a atacantes tener un impacto no especificado a través de vectores desconocidos, lo que desencadena un desbordamiento de búfer basado en memoria dinámica. It was discovered that libbsd incorrectly handled certain inputs. An ... • http://www.openwall.com/lists/oss-security/2016/01/28/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •