CVE-2016-1655 – chromium-browser: use-after-free related to extensions
https://notcve.org/view.php?id=CVE-2016-1655
Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.
• http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html
• http://rhn.redhat.com/errata/RHSA-2016-0638.html
• http://www.debian.org/security/2016/dsa-3549
• http://www.ubuntu.com/
CVE-2016-1653 – chromium-browser: out-of-bounds write in V8
https://notcve.org/view.php?id=CVE-2016-1653
The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc.
• http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html
• http://rhn.redhat.com/errata/RHSA-2016-0638.html
• http://www.debian.org/security/2016/dsa-3549
• http://www.ubuntu.com/
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1651 – Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-1651
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document.
This vulnerability allows an attacker to leak sensitive information on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG2000 images. A specially crafted JPEG2000 image embedded inside a PDF can force Google Chrome to read memory past the end of an allocated object. An attacker can leverage this vulnerability to disclose the contents of adjacent memory.
• http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html
• http://rhn.redhat.com/errata/RHSA-2016-0638.html
• http://www.debian.org/security/2016/dsa-3549
• http://zerodayinitiative.com
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-2313
https://notcve.org/view.php?id=CVE-2016-2313
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.
• http://bugs.cacti.net/view.php?id=2656
• http://lists.opensuse.org/opensuse-updates/2016-02/msg00077.html
• http://lists.opensuse.org/opensuse-updates/2016-02/msg00078.html
• http://lists.opensuse.org/opensuse-updates/2016-02/msg00080.html
• http://www.cacti.net/release_notes_0_8_8g.php
• http://www.securitytracker.com/id/1037745
• https://security.gentoo.org/glsa/201607-05
• https://security.gentoo.org/glsa/201711-10
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-3982
https://notcve.org/view.php?id=CVE-2016-3982
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
• http://bugs.fi/media/afl/optipng/2
• http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html
• http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html
• http://www.debian.org/security/2016/dsa-3546
• http://www.ubuntu.com/usn/USN-2951-1
• https://security.gentoo.org/glsa/201608-01
• https://sourceforge.net/p/optipng/bugs/57
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer