CVE-2015-7702 – ntp: incomplete checks in ntp_crypto.c
https://notcve.org/view.php?id=CVE-2015-7702
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. La función crypto_xmit en ntpd en NTP 4.2.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegación de servicio. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-9750. It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. • http://rhn.redhat.com/errata/RHSA-2016-0780.html http://rhn.redhat.com/errata/RHSA-2016-2583.html http://support.ntp.org/bin/view/Main/NtpBug2899 http://www.debian.org/security/2015/dsa-3388 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/77286 http://www.securitytracker.com/id/1033951 https://security.gentoo.org/glsa/201607-15 https://security.netapp.com/advisory/ntap-20171004-0001 https://access.redhat.com& • CWE-20: Improper Input Validation •
CVE-2015-7692 – ntp: incomplete checks in ntp_crypto.c
https://notcve.org/view.php?id=CVE-2015-7692
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. La función crypto_xmit en ntpd en NTP 4.2.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegación de servicio. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-9750. It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. • http://rhn.redhat.com/errata/RHSA-2016-0780.html http://rhn.redhat.com/errata/RHSA-2016-2583.html http://support.ntp.org/bin/view/Main/NtpBug2899 http://www.debian.org/security/2015/dsa-3388 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/77285 http://www.securitytracker.com/id/1033951 https://bugzilla.redhat.com/show_bug.cgi?id=1274254 https://security.gentoo.org/glsa/201607-15 https://security.netapp.com • CWE-20: Improper Input Validation •
CVE-2015-5165 – Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)
https://notcve.org/view.php?id=CVE-2015-5165
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Vulnerabilidad en la emulación de modo offload C+ en el modelo de tarjeta de red del dispositivo RTL8139 en QEMU, tal y como se utiliza en Xen 4.5.x y versiones anteriores, permite a atacantes remotos leer la memoria dinámica del proceso a través de vectores no especificados. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html http://rhn.redhat.com/errata/RHSA-2015-1674.html http://rhn.redhat.com/errata/RHSA-2015-1683.html http: • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVE-2015-4495 – Mozilla Firefox Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-4495
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. Vulnerabilidad en el lector de PDF en Mozilla Firefox en versiones anteriores a 39.0.3, Firefox ESR 38.x en versiones anteriores a 38.1.1 y Firefox OS en versiones anteriores a 2.2, permite a atacantes remotos eludir la Same Origin Policy y leer archivos arbitrarios u obtener privilegios a través de vectores que implican código JavaScript manipulado y un setter nativo, tal como se explotó activamente en agosto de 2015. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer (PDF.js). An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files (including private SSH keys, the /etc/passwd file, and other potentially sensitive files) from the system running Firefox. Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. • https://www.exploit-db.com/exploits/37772 https://github.com/vincd/CVE-2015-4495 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security- •
CVE-2015-3214 – QEMU - Programmable Interrupt Timer Controller Heap Overflow
https://notcve.org/view.php?id=CVE-2015-3214
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. Vulnerabilidad en pit_ioport_read en i8254.c en el kernel de Linux en versiones anteriores a 2.6.33 y en QEMU en versiones anteriores a 2.3.1, no distingue entre longitudes de lectura y longitudes de escritura, lo que podría permitir a los usuarios invitados del SO ejecutar código arbitrario en el host del SO desencadenando el uso de un índice no válido. An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read() function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare cases, use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. • https://www.exploit-db.com/exploits/37990 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 http://rhn.redhat.com/errata/RHSA-2015-1507.html http://rhn.redhat.com/errata/RHSA-2015-1508.html http://rhn.redhat.com/errata/RHSA-2015-1512.html http://www.debian.org/security/2015/dsa-3348 http://www.openwall.com/lists/oss-security/2015/06/25/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •