Canonical: Security Vulnerabilities
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
CVSS Score
5.9
EPSS Score
0.006
Published
2016-06-16
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-06-14
The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.
CVSS Score
5.5
EPSS Score
0.001
Published
2016-06-14
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
CVSS Score
4.4
EPSS Score
0.001
Published
2016-06-14
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
CVSS Score
7.5
EPSS Score
0.013
Published
2016-06-13
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.
CVSS Score
7.5
EPSS Score
0.011
Published
2016-06-13
The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.
CVSS Score
7.5
EPSS Score
0.011
Published
2016-06-13
Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
CVSS Score
7.5
EPSS Score
0.008
Published
2016-06-13
ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
CVSS Score
7.5
EPSS Score
0.008
Published
2016-06-13
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.
CVSS Score
7.5
EPSS Score
0.008
Published
2016-06-13