CVSS: 7.5EPSS: 1%CPEs: 33EXPL: 0CVE-2015-5219 – ntp: infinite loop in sntp processing crafted packet
https://notcve.org/view.php?id=CVE-2015-5219
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. La función ULOGTOD en el archivo ntp.d en SNTP en versiones anteriores a la 4.2.7p366 no realiza apropiadamente las conversiones de tipo de un valor de precisión a uno doble, lo que permite a los atacantes remotos causar una denegación de servicio (bucle infinito) por medio de un paquete NTP creado. It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. • http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhg http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.opensuse.org/opensuse-updates&#x • CWE-704: Incorrect Type Conversion or Cast CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 5%CPEs: 38EXPL: 0CVE-2015-5300 – ntp: MITM attacker can force ntpd to make a step larger than the panic threshold
https://notcve.org/view.php?id=CVE-2015-5300
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). La comprobación panic_gate en NTP anterior a versión 4.2.8p5 es solo habilitada nuevamente después del primer cambio al reloj del sistema que fue mayor que 128 milisegundos por defecto, permitiendo a los atacantes remotos fijar el NTP a un tiempo arbitrario cuando arranca con la opción -g, o alterar el tiempo hasta 900 segundos, de lo contrario por respuesta a un número no especificado de peticiones de fuentes de confianza y aprovechando una denegación de servicio resultante (anular y reiniciar). It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time. • http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announc • CWE-20: Improper Input Validation CWE-361: 7PK - Time and State •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2015-5235 – icedtea-web: applet origin spoofing
https://notcve.org/view.php?id=CVE-2015-5235
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. IcedTea-Web en versiones anteriores a 1.5.3 y 1.6.x en versiones anteriores a 1.6.1 no determina correctamente el origen de applets no firmados, lo que permite a atacantes remotos eludir el proceso de autorización o engañar al usuario para que acepte la ejecución del applet a través de una página web manipulada. It was discovered that IcedTea-Web did not properly determine an applet's origin when asking the user if the applet should be run. A malicious page could use this flaw to cause IcedTea-Web to execute the applet without user approval, or confuse the user into approving applet execution based on an incorrectly indicated applet origin. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html http://rhn.redhat.com/errata/RHSA-2016-0778.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securitytracker.com/id/1033780 http://w • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-5234 – icedtea-web: unexpected permanent authorization of unsigned applets
https://notcve.org/view.php?id=CVE-2015-5234
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks. IcedTea-Web en versiones anteriores a 1.5.3 y 1.6.x anterior a 1.6.1 no limpia correctamente URLs de applet, lo que permite a atacantes remotos inyectar applets en el archivo de configuración .appletTrustSettings y eludir la aprobación del usuario para ejecutar la applet a través de una página web manipulada, probablemente relacionada con el salto de línea. It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user approval. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html http://rhn.redhat.com/errata/RHSA-2016-0778.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securitytracker.com/id/1033780 http://w • CWE-20: Improper Input Validation CWE-138: Improper Neutralization of Special Elements •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2015-5260 – spice: insufficient validation of surface_id parameter can cause crash
https://notcve.org/view.php?id=CVE-2015-5260
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. Desbordamiento de buffer basado en memoria dinámica en SPICE en versiones anteriores a 0.12.6 permite a usuarios invitados del SO provocar una denegación de servicio (corrupción basada en memoria dinámica y caída de QEMu-KVM) o posiblemente ejecutar código arbitrario en el anfitrión a través de comandos QXL relacionados con el parámetro surface_id . A heap-based buffer overflow flaw was found in the way spice handled certain QXL commands related to the "surface_id" parameter. A user in a guest could use this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. • http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html http://rhn.redhat.com/errata/RHSA-2015-1889.html http://rhn.redhat.com/errata/RHSA-2015-1890.html http://www.debian.org/security/2015/dsa-3371 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77019 http://www.securitytracker.com/id/1033753 http://www.ubuntu.com/usn/USN-2766-1 https://bugzilla.redhat.com/show_bug.cgi?id=1260822 https:&# • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •