CVSS: 9.3EPSS: 28%CPEs: 13EXPL: 1CVE-2016-1646 – Google Chromium V8 Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2016-1646
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. La implementación de Array.prototype.concat en builtins.cc en Google V8, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.108, no considera adecuadamante los tipos de datos del elemento, lo que permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado. Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_24.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0525.html http://www.debian.org/security/2016/dsa-3531 http://www.securitytracker.com/id/1035423 http://www.ubuntu.com/usn/USN-2955-1 https:// • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 5%CPEs: 76EXPL: 0CVE-2016-3119 – krb5: null pointer dereference in kadmin
https://notcve.org/view.php?id=CVE-2016-3119
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal. La función process_db_args en plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c en el módulo LDAP KDB en kadmind en MIT Kerberos 5 (también conocido como krb5) hasta la versión 1.13.4 y 1.14.x hasta la versión 1.14.1 no maneja adecuadamente el argumento DB, lo que permite a usuarios remotros autenticados provocar una denegación de servicio (referencia a puntero NULL y caída de demonio) a través de una petición manipulada para modificar una principal. A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. • http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html http://rhn.redhat.com/errata/RHSA-2016-2591.html http://www.securityfocus.com/bid/85392 http://www.securitytracker.com/id/1035399 https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99 https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html https://access.redhat.com/security/cve/CVE-2016-3119 https://bugzilla.redhat.com/show_bug& • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 14%CPEs: 10EXPL: 0CVE-2016-2315 – git: path_name() integer truncation and overflow leading to buffer overflow
https://notcve.org/view.php?id=CVE-2016-2315
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. revision.c en git en versiones anteriores a 2.7.4 utiliza un tipo de datos de entero incorrecto, lo que permite a atacantes remotos ejecutar código arbitrario a través de un (1) nombre de archivo grande o (2) muchos árboles anidados, dando lugar a un desbordamiento de buffer basado en memoria dinámica. An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html http://lists.opensuse.org/opensuse-security-announce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-194: Unexpected Sign Extension •
CVSS: 10.0EPSS: 13%CPEs: 10EXPL: 0CVE-2016-2324 – git: path_name() integer truncation and overflow leading to buffer overflow
https://notcve.org/view.php?id=CVE-2016-2324
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Desboradmiento de entero en Git en versiones anteriores a 2.7.4 permite a atacantes remotos ejecutar código arbitrario a través de un (1) nombre de archivo grande o (2) muchos árboles anidados, lo que desencadena un desbordamiento de buffer basado en memoria dinámica. An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html http://lists.opensuse.org/opensuse-security-announce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-194: Unexpected Sign Extension •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 4CVE-2016-2851 – libotr 4.1.0 - Memory Corruption
https://notcve.org/view.php?id=CVE-2016-2851
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow. Desbordamiento de entero en proto.c en libotr en versiones anteriores a 4.1.1 en plataformas de 64-bit permite a atacantes remotos causar denegación de servicio (corrupción de memoria y caída de aplicación) o ejecutar código arbitrario a través de una serie de mensajes OTR grandes, lo que desencadena un desbordamiento de buffer basado en memoria dinámica. A remote attacker may crash or execute arbitrary code in libotr by sending large OTR messages. While processing specially crafted messages, attacker controlled data on the heap is written out of bounds. No special user interaction or authorization is necessary in default configurations. libotr versions 4.1.0 and below are affected. • https://www.exploit-db.com/exploits/39550 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00030.html http://seclists.org/fulldisclosure/2016/Mar/21 http://www.debian.org/security/2016/dsa-3512 http://www.securityfocus.com/archive/1/537745/100/0/threaded http://www.securityfocus.com/bid/84285 http://www.ubuntu.com/usn/USN-2926-1 https://lists.cypherpunks.ca/pipermail/otr-users/2016-Mar • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •