CVSS: 8.8EPSS: 3%CPEs: 11EXPL: 0CVE-2016-2828 – Mozilla: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56)
https://notcve.org/view.php?id=CVE-2016-2828
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool. Vulnerabilidad de uso después de liberación de memoria en Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos ejecutar código arbitrario a través de un contenido WebGL que desencadena acceso de textura después de la destrucción de la papelera de reciclaje de texturas. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://www.debian.org/security/2016/dsa-3600 http://www.mozilla.org/security/announce/2016/mfsa2016-56.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91075 http://www.securitytracker.com/id/1036057 http&# •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2016-2818 – Mozilla: Miscellaneous memory safety hazards (rv:45.2) (MFSA 2016-49)
https://notcve.org/view.php?id=CVE-2016-2818
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html http://www.debian.org/security/2016/dsa-3600 http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-5300
https://notcve.org/view.php?id=CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. El intérprete XML en Expat no utiliza suficiente entropía para inicialización hash, lo que permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de CPU) a través de identificadores manipulados en un documento XML. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2012-0876. • http://www.debian.org/security/2016/dsa-3597 http://www.openwall.com/lists/oss-security/2016/06/04/4 http://www.openwall.com/lists/oss-security/2016/06/04/5 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91159 http://www.ubuntu.com/usn/USN-3010-1 https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://lists.apache.org • CWE-399: Resource Management Errors •
CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0CVE-2012-6702
https://notcve.org/view.php?id=CVE-2012-6702
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. Expat, cuando se utiliza en un intérprete que no ha realizado una llamada XML_SetHashSalt o pasado una semilla de 0, facilita a atacantes dependientes del contexto romper mecanismos de protección criptográfica a través de vectores que involucran el uso de la función srand. • http://www.debian.org/security/2016/dsa-3597 http://www.openwall.com/lists/oss-security/2016/06/03/8 http://www.openwall.com/lists/oss-security/2016/06/04/1 http://www.securityfocus.com/bid/91483 http://www.ubuntu.com/usn/USN-3010-1 https://security.gentoo.org/glsa/201701-21 https://source.android.com/security/bulletin/2016-11-01.html https://www.tenable.com/security/tns-2016-20 • CWE-310: Cryptographic Issues •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4454
https://notcve.org/view.php?id=CVE-2016-4454
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. La función vmsvga_fifo_read_raw en hw/display/vmware_vga.c en QEMU permite a administradores locales del SO invitado obtener información sensible de la memoria del anfitrión o provocar una denegación de servicio (caída del proceso QEMU) cambiando registros FIFO y emitiendo un comando VGA, lo que desencadena una lectura fuera de rango. • http://www.openwall.com/lists/oss-security/2016/05/30/3 http://www.securityfocus.com/bid/90927 http://www.ubuntu.com/usn/USN-3047-1 http://www.ubuntu.com/usn/USN-3047-2 https://bugzilla.redhat.com/show_bug.cgi?id=1336429 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html https://security.gentoo.org/glsa/201609-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •