CVE-2016-0608 – mysql: unspecified vulnerability in subcomponent: Server: UDF (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0608
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores, 5.6.27 y versiones anteriores y 5.7.9 y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores relacionados con UDF. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http: •
CVE-2015-8668 – libtiff: OOB read in bmp2tiff
https://notcve.org/view.php?id=CVE-2015-8668
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. Desbordamiento de buffer basado en memoria dinámica en la función PackBitsPreEncode en tif_packbits.c en bmp2tiff en libtiff 4.0.6 y versiones anteriores permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio a través de un campo width grande en una imagen BMP. • http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html http://rhn.redhat.com/errata/RHSA-2016-1546.html http://rhn.redhat.com/errata/RHSA-2016-1547.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/archive/1/537208/100/0/threaded https://security.gentoo.org/glsa/201701-16 https://access.redhat.com/security/cve/CVE-2015-8 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2015-7529 – sos: Usage of predictable temporary files allows privilege escalation
https://notcve.org/view.php?id=CVE-2015-7529
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. sosreport en las versiones 3.x de SoS permite que usuarios locales ibtengan información sensible de archivos sosreport u obtener privilegios mediante un ataque de vínculo simbólico o un archivo de archivado en un directorio temporal. Esto lo demuestra sosreport-$hostname-$date.tar en /tmp/sosreport-$hostname-$date. An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system. • http://rhn.redhat.com/errata/RHSA-2016-0152.html http://rhn.redhat.com/errata/RHSA-2016-0188.html http://www.securityfocus.com/bid/83162 http://www.ubuntu.com/usn/USN-2845-1 https://access.redhat.com/errata/RHSA-2016:0152 https://access.redhat.com/errata/RHSA-2016:0188 https://bugzilla.redhat.com/show_bug.cgi?id=1282542 https://github.com/sosreport/sos/issues/696 https://access.redhat.com/security/cve/CVE-2015-7529 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVE-2015-8327 – cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character
https://notcve.org/view.php?id=CVE-2015-8327
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. Vulnerabilidad de lista negra incompleta en util.c en foomatic-rip en cups-filters 1.0.42 en versiones anteriores a 1.2.0 y en foomatic-filters en Foomatic 4.0.x permite a atacantes remotos ejecutar comandos arbitrarios a través de caracteres ` (acento grave) en un trabajo de impresión. It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands. • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406 http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html http://rhn.redhat.com/errata/RHSA-2016-0491.html http://www.debian.org/security/2015/dsa-3411 http://www.debian.org/security/2015/dsa-3429 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/78524 htt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2015-7512 – Qemu: net: pcnet: buffer overflow in non-loopback mode
https://notcve.org/view.php?id=CVE-2015-7512
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. Desbordamiento de buffer en la función pcnet_receive en hw/net/pcnet.c en QEMU, cuando un NIC invitado tiene un MTU más grande, permite a atacantes provocar una denegación de servicio (caída de SO invitado) o ejecutar código arbitrario a través de un paquete grande. A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation validated certain received packets from a remote host in non-loopback mode. A remote, unprivileged attacker could potentially use this flaw to execute arbitrary code on the host with the privileges of the QEMU process. Note that to exploit this flaw, the guest network interface must have a large MTU limit. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f http://rhn.redhat.com/errata/RHSA-2015-2694.html http://rhn.redhat.com/errata/RHSA-2015-2695.html http://rhn.redhat.com/errata/RHSA-2015-2696.html http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/11/30/3 http://www.oracle.com/technetwork/topics/securi • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •