CVSS: 5.9EPSS: 1%CPEs: 25EXPL: 0CVE-2016-0695 – OpenJDK: insufficient DSA key parameters checks (Security, 8138593)
https://notcve.org/view.php?id=CVE-2016-0695
20 Apr 2016 — Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. Vulnerabilidad no especificada en Oracle Java SE 6u113, 7u99 y 8u77; Java SE Embedded 8u77; y JRockit R28.3.9 permite a atacantes remotos afectar a la confidencialidad a través de vectores relacionados con Security. It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength ... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html •
CVSS: 9.8EPSS: 0%CPEs: 25EXPL: 0CVE-2016-1908 – openssh: possible fallback from untrusted to trusted X11 forwarding
https://notcve.org/view.php?id=CVE-2016-1908
22 Mar 2016 — The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. El cliente en OpenSSH en versiones anteriores a 7.2 no maneja correctamente falló en la generación de cookies para el reenvío... • http://openwall.com/lists/oss-security/2016/01/15/13 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 85%CPEs: 22EXPL: 4CVE-2016-1960 – Mozilla Firefox nsHtml5TreeBuilder Array Indexing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1960
09 Mar 2016 — Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. Desbordamiento inferior de entero en la clase nsHtml5TreeBuilder en el intérprete de cadenas HTML5 en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en ve... • https://packetstorm.news/files/id/146819 •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2790 – graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)
https://notcve.org/view.php?id=CVE-2016-2790
09 Mar 2016 — The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. La función graphite2::TtfUtil::GetTableInfo en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR ... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-19: Data Processing Errors •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2791 – graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)
https://notcve.org/view.php?id=CVE-2016-2791
09 Mar 2016 — The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. La función graphite2::GlyphCache::glyph en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7 permite a atacant... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2792 – graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)
https://notcve.org/view.php?id=CVE-2016-2792
09 Mar 2016 — The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. La función graphite2::Slot::getAttr en Slot.cpp en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Fir... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2793 – graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)
https://notcve.org/view.php?id=CVE-2016-2793
09 Mar 2016 — CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. CachedCmap.cpp en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en versiones anteriores a 38.7, permite a atacantes remotos causar una denegación de servicio (sobre... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 22EXPL: 0CVE-2016-2794 – graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)
https://notcve.org/view.php?id=CVE-2016-2794
09 Mar 2016 — The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. La función graphite2::TtfUtil::CmapSubtable12NextCodepoint en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ESR 38.x en version... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2795 – graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)
https://notcve.org/view.php?id=CVE-2016-2795
09 Mar 2016 — The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. La función graphite2::FileFace::get_table_fn en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anteriores a 45.0 y Firefox ES... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-19: Data Processing Errors •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2016-2796 – graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)
https://notcve.org/view.php?id=CVE-2016-2796
09 Mar 2016 — Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. Desbordamiento de buffer basado en memoria dinámica en la función graphite2::vm::Machine::Code::Code en Graphite 2 en versiones anteriores a 1.3.6, como se utiliza en Mozilla Firefox en versiones anterio... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •