Log

CVE-2016-9557 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A signed integer overflow vulnerability has been discovered in jas_image.c, triggered by a crafted image. An option, max_samples, has been added to the BMP and JPEG decoders to restrict the maximum number of samples in an image they will decode. This change was made as a (possibly temporary) fix to address security concerns.
References
+ https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
+ http://www.openwall.com/lists/oss-security/2016/11/23/2
Notes
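+ Added example (not jasper's code): the two-part mitigation the description names, overflow-checked size arithmetic plus a max_samples ceiling, applied to a decoder's width x height x components product. The constant name, the default ceiling and the function names are assumptions for illustration; __builtin_mul_overflow is a GCC/Clang builtin.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/*
 * Constructed example, not jasper's code. A decoder that sizes its sample
 * buffer from header fields must (a) detect when the product does not fit
 * the integer type and (b) refuse absurd but representable sizes. The
 * max_samples ceiling from the description provides (b).
 */

/* Hypothetical default for the max_samples option; the value is an assumption. */
#define DEFAULT_MAX_SAMPLES ((size_t)64 * 1024 * 1024)

/*
 * Computes width * height * numcmpts into *out. Returns false if any
 * dimension is zero, the product does not fit in size_t, or it exceeds
 * max_samples (0 disables the ceiling). Only a true return may be used
 * to size an allocation.
 */
bool image_sample_count(uint32_t width, uint32_t height, uint32_t numcmpts,
                        size_t max_samples, size_t *out)
{
    size_t n;

    if (width == 0 || height == 0 || numcmpts == 0)
        return false;
    if (__builtin_mul_overflow((size_t)width, (size_t)height, &n))
        return false;
    if (__builtin_mul_overflow(n, (size_t)numcmpts, &n))
        return false;
    if (max_samples != 0 && n > max_samples)
        return false;

    *out = n;
    return true;
}

/* Convenience wrapper for callers that only need the count; 0 means rejected. */
size_t checked_sample_count(uint32_t width, uint32_t height, uint32_t numcmpts,
                            size_t max_samples)
{
    size_t n;
    return image_sample_count(width, height, numcmpts, max_samples, &n) ? n : 0;
}

/*
 * The unchecked arithmetic the description warns against, in 32-bit
 * unsigned form so the wrap is well-defined here (the signed form in the
 * bug is undefined behaviour and in practice yields a small or negative
 * count). A crafted 65536 x 65536 header produces 0, so a buffer sized
 * from it is far too small for the pixel data the decoder then writes.
 */
uint32_t naive_sample_count(uint32_t width, uint32_t height, uint32_t numcmpts)
{
    return width * height * numcmpts;
}
```

+ Callers should reject the image when image_sample_count returns false rather than clamping, since a clamped count no longer matches the dimensions the decoder will iterate over.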
CVE-2016-9558 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ A negation overflow vulnerability was found in dwarf_leb.c, triggered by crafted input to the dwarfdump utility.
References
+ https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c/
Notes
CVE-2016-9560 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A stack buffer overflow vulnerability has been discovered in jpc/jpc_dec.c due to an out-of-bounds array write triggered by a crafted image.
References
+ https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495
+ http://www.openwall.com/lists/oss-security/2016/11/23/5
Notes
CVE-2016-9586 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ libcurl's implementation of the printf() functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion outputs more than 255 bytes. The flaw happens because the floating point conversion uses system functions without the correct boundary checks.
+ The functions have been documented as deprecated for a long time and users are discouraged from using them in "new programs" as they are planned to be removed at a future point. But as the functions are present and there is nothing preventing users from using them, we expect there to be a certain number of existing users in the wild.
+ If any application accepts a format string from the outside without the necessary input filtering, this could allow remote attacks.
References
+ https://curl.haxx.se/docs/adv_20161221A.html
Notes
+ This flaw is present in the curl_*printf (curlx_*printf) family of functions, which are not used by curl but are exposed from libcurl.
+ To be exposed, third-party code would need to be using these long-deprecated functions, with a floating-point specifier and user-controlled (floating-point) input. The overflow itself is of a 256-byte stack-allocated buffer, when the decimal expansion of the float exceeds that by up to 70 bytes. Beyond about 16 digits for a double, the decimal expansion is effectively random so the attacker has very little control over precisely what bytes are written.
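+ Added example (not libcurl's code): the failure mode described above, a "%f" conversion written into a fixed 256-byte work buffer without first checking how long the decimal expansion is, beside the bounded version with the check the flawed code lacked. The buffer size, the 1e300 sample value and the function names are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Constructed example, not libcurl's code. "%f" prints every integer digit
 * of the value, so the output length is driven by the magnitude of the
 * attacker-supplied double, not by anything the caller controls.
 */
#define WORK_SIZE 256

/* Length (excluding NUL) of the "%f" expansion of v; writes nothing. */
int float_expansion_len(double v)
{
    return snprintf(NULL, 0, "%f", v);
}

/*
 * The boundary check the flawed code lacked: a plain sprintf(work, "%f", v)
 * into a WORK_SIZE buffer is only safe when this returns true. 1e300 needs
 * 301 integer digits plus ".000000" (308 bytes); DBL_MAX (about 1.8e308)
 * needs 316, i.e. 60 bytes past the end of a 256-byte buffer.
 */
bool fits_in_work_buffer(double v)
{
    int n = float_expansion_len(v);
    return n >= 0 && n < WORK_SIZE;
}

/*
 * Hardened formatting: a bounded write that reports truncation instead of
 * running past the buffer. Returns 0 on success, 1 if the expansion was
 * truncated, -1 on an encoding error. A caller must treat 1 as failure and
 * not use the partial string.
 */
int format_double_bounded(char *out, size_t out_size, double v)
{
    int n = snprintf(out, out_size, "%f", v);
    if (n < 0)
        return -1;
    if ((size_t)n >= out_size)
        return 1;
    return 0;
}

/* Exercises the bounded path with a WORK_SIZE stack buffer, as the flawed code used. */
int format_into_work_buffer(double v)
{
    char work[WORK_SIZE];
    return format_double_bounded(work, sizeof work, v);
}
```

+ The check is cheap because snprintf(NULL, 0, ...) returns the full length without writing; the alternative of sizing the buffer for the worst case (DBL_MAX plus sign and precision) also works but must then be audited whenever the precision handling changes.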
CVE-2016-9587 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary command execution
Description
+ An input validation vulnerability was found in ansible's handling of data sent from client systems. An attacker with control over a client system being managed by ansible and the ability to send facts back to the ansible server could use this flaw to execute arbitrary commands on the ansible server as the user and group ansible is running as.
References
+ https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt
Notes
CVE-2016-9588 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ A Linux kernel built with KVM virtualization support (CONFIG_KVM) and the nested virtualization (nVMX) feature enabled (nested=1) is vulnerable to an uncaught exception issue. It could occur if an L2 guest were to throw an exception that is not handled by an L1 guest.
References
Notes
CVE-2016-9591 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A heap use-after-free vulnerability has been found in jasper. The vulnerability exists in the code responsible for re-encoding the decoded input image file to a J2P image. It is caused by pointers not being set to NULL after they are freed (i.e. missing set-pointer-to-NULL operations after free), which can further lead to a double free.
References
+ https://github.com/mdadams/jasper/issues/105
+ http://www.openwall.com/lists/oss-security/2016/12/16/3
+ https://github.com/mdadams/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c
Notes
CVE-2016-9594 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Incorrect calculation
Description
+ libcurl's (new) internal function that returns a good 32-bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to. This random value is used to generate nonces for Digest and NTLM authentication, for generating boundary strings in HTTP form posts and more. Having a weak or virtually non-existent random value there makes these operations vulnerable.
+ This function was introduced in 7.52.0.
References
+ https://curl.haxx.se/docs/adv_20161223.html
Notes
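+ Added example (not libcurl's code) of the error class described above: a function meant to fill the caller's unsigned int through a pointer instead hands the address of its own pointer variable to the byte-filling routine, so the caller's value is never written. The deterministic fill_bytes stand-in and all function names are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/*
 * Constructed example, not libcurl's code. fill_bytes stands in for a real
 * CSPRNG and is deterministic so the outcome can be checked; it must never
 * be used for anything security-relevant.
 */
static void fill_bytes(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)(0xA5 ^ i);   /* constructed, not random */
}

/*
 * Buggy variant: &rnd is the address of the local pointer variable, so
 * sizeof(rnd) bytes of "randomness" overwrite the pointer itself and the
 * caller's object (*rnd) is left untouched. Kept in the described shape
 * so the one-character difference is visible; never ship this.
 */
void random_uint_buggy(unsigned int *rnd)
{
    fill_bytes((unsigned char *)&rnd, sizeof(rnd));
    /* rnd now holds garbage and must not be dereferenced */
}

/* Fixed variant: write sizeof(*rnd) bytes into the object the caller passed. */
void random_uint_fixed(unsigned int *rnd)
{
    fill_bytes((unsigned char *)rnd, sizeof(*rnd));
}

/* What a caller observes after each variant, starting from a zeroed value. */
unsigned int observe_buggy(void)
{
    unsigned int v = 0;
    random_uint_buggy(&v);
    return v;      /* stays 0: the nonce source is effectively constant */
}

unsigned int observe_fixed(void)
{
    unsigned int v = 0;
    random_uint_fixed(&v);
    return v;      /* 0xA6A7A4A5 little-endian, 0xA5A4A7A6 big-endian */
}

/*
 * Cheap consumer-side guard for nonce and boundary-string builders: a
 * zeroed output from a 32-bit random source happens with probability
 * 2^-32 and is far more likely to be a bug like the one above than luck,
 * so treat it as a failed call.
 */
bool looks_initialised(unsigned int v)
{
    return v != 0;
}
```

+ The bug class is easy to miss in review because both calls compile cleanly; compiling with -Wsizeof-pointer-memaccess (GCC/Clang) flags the sizeof(rnd) on a pointer argument, and a unit test that asserts the output differs from its initial value catches it at once.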
CVE-2016-9642 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ JavaScriptCore in WebKitGTK+ before 2.16.0 allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file.
References
+ https://webkitgtk.org/security/WSA-2017-0003.html
Notes
+ Fixed in 2.14.6 / 2.16.0.
CVE-2016-9643 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ The regex code in WebKitGTK+ before 2.14.6 allows remote attackers to cause a denial of service (memory consumption) as demonstrated in a large number of ($ (open parenthesis and dollar) followed by {-2,16} and a large number of +) (plus close parenthesis).
References
+ https://webkitgtk.org/security/WSA-2017-0003.html
Notes