CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3674 – XStream: enabled processing of external entities
https://notcve.org/view.php?id=CVE-2016-3674
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. Múltiples vulnerabilidades de entidad externa (XXE) en (1) Dom4JDriver, (2) DomDriver, (3) JDom Driver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver y (7) WstxDriver drivers en XStream en versiones anteriores a 1.4.9 permiten a atacantes remotos leer archivos arbitrarios a través de un documento XML manipulado. It was found that several XML parsers used by XStream had default settings that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183180.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183208.html http://rhn.redhat.com/errata/RHSA-2016-2822.html http://rhn.redhat.com/errata/RHSA-2016-2823.html http://www.debian.org/security/2016/dsa-3575 http://www.openwall.com/lists/oss-security/2016/03/25/8 http://www.openwall.com/lists/oss-security/2016/03/28/1 http://www.securityfocus.com/bid/85381 http://www.se • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.6EPSS: 3%CPEs: 11EXPL: 0CVE-2016-4001
https://notcve.org/view.php?id=CVE-2016-4001
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. Desbordamiento de buffer en la función stellaris_enet_receive en hw/net/stellaris_enet.c en QEMU, cuando el controlador ethernet Stellaris está configurado para aceptar paquetes grandes, permite a atacantes remotos provocar una denegación de servicio (caída de QEMU) a través de un paquete grande. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3a15cc0e1ee7168db0782133d2607a6bfa422d66 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html http://www.openwall.com/lists/oss-security/2016/04/11/4 http://www.openwall.com/lists/oss-security/2016/04/12/6 http://www.securityfocus.com/bid/85976 http://www.ubun • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.0EPSS: 0%CPEs: 12EXPL: 0CVE-2016-4037
https://notcve.org/view.php?id=CVE-2016-4037
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. La función ehci_advance_state en hw/usb/hcd-ehci.c en QEMU permite a administradores de SO locales invitados provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una lista siTD (de descriptor de transferencia isócrona dividida) circular, problema relacionado con CVE-2015-8558. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html http://www.openwall.com/lists/oss-security/2016/04/18/3 http://www.openwall.com/lists/oss-security/2016/04/18/6 http://www.securityfocus.com/bid/86283 http://www.ubun • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 23%CPEs: 9EXPL: 0CVE-2016-4008
https://notcve.org/view.php?id=CVE-2016-4008
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate. La función _asn1_extract_der_octet en lib/decoding.c en GNU Libtasn1 en versiones anteriores a 4.8, cuando se utiliza sin el indicador ASN1_DECODE_FLAG_STRICT_DER, permite a atacantes remotos provocar una denegación de servicio (recursión infinita) a través de un certificado manipulado. • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=f435825c0f527a8e52e6ffbc3ad0bc60531d537e http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182299.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182907.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183221.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00047.html http:/ • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 5%CPEs: 9EXPL: 0CVE-2016-4002
https://notcve.org/view.php?id=CVE-2016-4002
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. Desbordamiento de buffer en la función mipsnet_receive en hw/net/mipsnet.c en QEMU, cuando el NIC invitado se configura para aceptar paquetes grandes, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de QEMU) o posiblemente ejecutar código arbitrario a través de un paquete de más de 1514 bytes. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html http://www.openwall.com/lists/oss-security/2016/04/11/6 http://www.openwall.com/lists/oss-security/2016/04/12/7 http://www.securityfocus.com/bid/85992 http://www.ubuntu.com/usn/USN-2974-1 https://bugzilla.redhat.com/show_bug.cgi?id=1326082 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •