CVE-2016-3960
https://notcve.org/view.php?id=CVE-2016-3960
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. Desbordamiento de entero en el código shadow pagetable en Xen permite a usuarios locales del SO invitado provocar una denegación de servicio (caída de host) o posiblemente obtener privilegios sombreando un mapeo de superpágina. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html http://support.citrix.com/article/CTX209443 http://www.debian.org/security/2016/dsa-3554 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/86318 http://www.securitytracker.com/id/1035587 http://xenbits • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-4021 – pgpdump 0.29 Endless Loop
https://notcve.org/view.php?id=CVE-2016-4021
The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. La función read_binary en buffer.c en pgpdump en versiones anteriores a 0.30 permite a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una entrada manipulada, según lo demostrado por la cadena \xa3\x03. pgpdump version 0.29 suffers from an endless loop parsing issue that can lead to a denial of service. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183750.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184617.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184689.html http://seclists.org/bugtraq/2016/Apr/99 https://github.com/kazu-yamamoto/pgpdump/pull/16 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt • CWE-399: Resource Management Errors •
CVE-2015-8106
https://notcve.org/view.php?id=CVE-2015-8106
Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. Vulnerabilidad de formato de cadena en la función CmdKeywords en funct1.c en latex2rtf en versiones anteriores a 2.3.10 permite a atacantes remotos ejecutar código arbitrario a través de especificadores de formato de cadena en el comando \keywords en un archivo TeX manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181276.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181677.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181725.html http://www.openwall.com/lists/oss-security/2015/11/16/3 https://bugzilla.redhat.com/show_bug.cgi?id=1282492 https://sourceforge.net/p/latex2rtf/code/1244 • CWE-134: Use of Externally-Controlled Format String •
CVE-2016-3159
https://notcve.org/view.php?id=CVE-2016-3159
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. La función fpu_fxrstor en arch/x86/i387.c en Xen 4.x no maneja correctamente escrituras al bit FSW.ES hardware cuando se ejecuta en procesadores AMD64, lo que permite a usuarios locales del SO invitado obtener información sensible del contenido de registro de otro invitado aprovechando una excepción pendiente y bits de máscara. NOTA: esta vulnerabilidad existe por una solución incorrecta para CVE-2013-2076. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html http://support.citrix.com/article/CTX209443 http://www.debian.org/security/2016/dsa-3554 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/85716 http://www.securitytracker.com/id/1035435 http://xenbits.xen.org/xsa/advisory-172.html http://xenbits.xen.org/xsa/xsa172.patc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVE-2016-3158
https://notcve.org/view.php?id=CVE-2016-3158
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. La función xrstor en arch/x86/xstate.c en Xen 4.x no maneja correctamente escrituras al bit FSW.ES hardware cuando se ejecuta en procesadores AMD64, lo que permite a usuarios locales del SO invitado obtener información sensible del contenido de registro de otro invitado aprovechando una excepción pendiente y bits de máscara. NOTA: esta vulnerabilidad existe por una solución incorrecta para CVE-2013-2076. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html http://support.citrix.com/article/CTX209443 http://www.debian.org/security/2016/dsa-3554 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/85714 http://www.securitytracker.com/id/1035435 http://xenbits.xen.org/xsa/advisory-172.html http://xenbits.xen.org/xsa/xsa172-4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •