CVSS: 10.0EPSS: 74%CPEs: 24EXPL: 0CVE-2016-5118 – ImageMagick: Remote code execution via filename
https://notcve.org/view.php?id=CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. La función OpenBlob en blob.c en GraphicsMagick en versiones anteriores a 1.3.24 y ImageMagick permite a atacantes remotos ejecutar código arbitrario a través del caractér | (tubería) en el inicio del nombre de archivo. It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. • http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8 http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg0002 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2016-4478
https://notcve.org/view.php?id=CVE-2016-4478
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding. Desbordamiento del buffer en la función xmlrpc_char_encode en modules/transport/xmlrpc/xmlrpclib.c en Atheme en versiones anteriores a 7.2.7 permite a atacantes remotos provocar una caída de servicio a través de vectores relacionados con la codificación de la respuesta XMLRPC. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html http://www.debian.org/security/2016/dsa-3586 http://www.openwall.com/lists/oss-security/2016/05/02/2 http://www.openwall.com/lists/oss-security/2016/05/03/1 https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2016-4049 – quagga: denial of service vulnerability in BGP routing daemon
https://notcve.org/view.php?id=CVE-2016-4049
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. La función bgp_dump_routes_func en bgpd/bgp_dump.c en Quagga no lleva a cabo comprobaciones de tamaño cuando hay datos de envío, lo que podría permitir a atacantes remotos provocar una denegación de servicio (fallo de aserción y caída de demonio) a través de un paquete grande BGP. A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00062.html http://rhn.redhat.com/errata/RHSA-2017-0794.html http://www.debian.org/security/2016/dsa-3654 http://www.openwall.com/lists/oss-security/2016/04/27/7 http://www.securityfocus.com/bid/88561 http://www.securitytracker.com/id/1035699 https://lists.quagga.net/pipermail/quagga-dev/2016-February/014743.html https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html https://security.gentoo.org/glsa/20 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2016-3959 – golang: infinite loop in several big integer routines
https://notcve.org/view.php?id=CVE-2016-3959
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. La función Verify en crypto/dsa/dsa.go en Go en versiones anteriores a 1.5.4 y 1.6.x en versiones anteriores a 1.6.1 no comprueba correctamente los parámetros pasados a la gran librería de entero, lo que podría permitir a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una clave pública manipulada a un programa que usa certificados de clientes HTTPS o servidores de librerías SSH. A denial of service vulnerability was found in Go's verification of DSA public keys. An attacker could provide a crafted key to HTTPS client or SSH server libraries which would cause the application to enter an infinite loop. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182526.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183106.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183137.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00077.html http://rhn.redhat.com/errata/RHSA-2016-1538.html http://www.openwall.com/lists/oss-security/2016/04/05/1 http://www.openwall.com/lists/oss-security/2016/04/05/2 https://go-review& • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 1CVE-2016-4578 – Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak
https://notcve.org/view.php?id=CVE-2016-4578
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. sound/core/timer.c en el kernel de Linux hasta la versión 4.6 no inicializa determinadas estructuras de datos r1, lo que permite a usuarios locales obtener información sensible del kernel de memoria de pila a través del uso manipulado de la interfaz ALSA timer, relacionado con las funciones (1) snd_timer_user_ccallback y (2) snd_timer_user_tinterrupt. A vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. • https://www.exploit-db.com/exploits/46529 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opens • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •