Log

CVE-2016-9138 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing while unserializing, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.
References
+ https://bugs.php.net/bug.php?id=73147
+ https://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
+ http://seclists.org/oss-sec/2016/q4/296
Notes
CVE-2016-9147 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
References
+ https://kb.isc.org/article/AA-01440/0
Notes
CVE-2016-9262 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A number of overflows were found in jasper, causing a use-after-free vulnerability that can be triggered by a crafted image.
References
+ https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2
+ http://seclists.org/oss-sec/2016/q4/385
Notes
CVE-2016-9273 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A heap buffer overflow has been discovered resulting in a read outside of the array boundaries leading to an application crash.
References
+ http://bugzilla.maptools.org/show_bug.cgi?id=2587
+ http://www.openwall.com/lists/oss-security/2016/11/09/20
+ https://github.com/vadz/libtiff/commit/d651abc097d91fac57f33b5f9447d0a9183f58e7
Notes
+ FIXED:
+ 2016-11-10 Even Rouault <even.rouault at spatialys.com>
+ libtiff/tif_strip.c: make TIFFNumberOfStrips() return the td->td_nstrips value when it is non-zero, instead of recomputing it. This is needed in TIFF_STRIPCHOP mode where td_nstrips is modified. Fixes a read outside of array in tiffsplit (or other utilities using TIFFNumberOfStrips()).
CVE-2016-9275 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
+ An out of bounds heap read was found in _dwarf_skim_forms in dwarf_macro5.c triggered by crafted input to dwarfdump utility.
References
+ https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
+ http://seclists.org/oss-sec/2016/q4/401
Notes
CVE-2016-9276 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
+ An out of bounds heap read was found in dwarf_get_aranges_list in dwarf_arange.c triggered by crafted input to dwarfdump utility.
References
+ https://github.com/asarubbo/poc/blob/master/00026-libdwarf-heapoverflow-dwarf_get_aranges_list
Notes
CVE-2016-9297 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A buffer read overflow has been discovered in libtiff. The function TIFFFetchNormalTag() in libtiff/tif_dirread.c did not make sure that values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII access are null terminated, leading to a potential read outside the buffer in _TIFFPrintField().
References
+ http://bugzilla.maptools.org/show_bug.cgi?id=2590
+ http://bugzilla.maptools.org/show_bug.cgi?id=2593
+ https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed
+ https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
Notes
+ FIXED:
+ 2016-11-11 Even Rouault <even.rouault at spatialys.com>
+ libtiff/tif_dirread.c: in TIFFFetchNormalTag(), make sure that values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII access are null terminated, to avoid potential read outside buffer in _TIFFPrintField().
CVE-2016-9310 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. If, against long-standing BCP recommendations, "restrict default noquery ..." is not specified, a specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, disabling legitimate monitoring. A remote, unauthenticated, network attacker can trigger this vulnerability.
References
+ http://support.ntp.org/bin/view/Main/NtpBug3118
Notes
+ Mitigation:
+ Use "restrict default noquery ..." in your ntp.conf file.
CVE-2016-9311 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ ntpd does not enable trap service by default. If trap service has been explicitly enabled, an attacker can send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service.
References
+ http://support.ntp.org/bin/view/Main/NtpBug3119
Notes
+ Mitigation:
+ Use "restrict default noquery ..." in your ntp.conf file. Only allow mode 6 queries from trusted networks and hosts.
CVE-2016-9312 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ If a vulnerable instance of ntpd on Windows receives a crafted malicious packet that is "too big", ntpd will stop working.
References
+ http://support.ntp.org/bin/view/Main/NtpBug3110
Notes
+ This issue only affects Windows systems.
+
+ Mitigation:
+ Implement a firewall rule blocking oversized NTP packets.