205 results (0.011 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04474en_us •

CVSS: 7.8EPSS: 97%CPEs: 49EXPL: 2

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. buffer.c en named en ISC BIND 9 en versiones anteriores a 9.9.9-P3, 9.10.x en versiones anteriores a 9.10.4-P3 y 9.11.x en versiones anteriores a 9.11.0rc3 no construye respuestas adecuadamente, lo que permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una consulta manipulada. A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria. This assertion can be triggered even if the apparent source address isnt allowed to make queries. • https://www.exploit-db.com/exploits/40453 https://github.com/infobyte/CVE-2016-2776 http://rhn.redhat.com/errata/RHSA-2016-1944.html http://rhn.redhat.com/errata/RHSA-2016-1945.html http://rhn.redhat.com/errata/RHSA-2016-2099.html http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html http://www.securityf • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory. Base-VxFS-50 B.05.00.01 hasta la versión B.05.00.02, Base-VxFS-501 B.05.01.0 hasta la versión B.05.01.03, y Base-VxFS-51 B.05.10.00 hasta la versión B.05.10.02 en HPE HP-UX 11iv3 con VxFS 5.0, VxFS 5.0.1 y VxFS 5.1SP1 no maneja correctamente la herencia ACL para default:class: entries, default:other: entries y default:user: entries, lo que permite a usuarios locales eludir las restricciones destinadas al acceso aprovechando la configuración de un directorio padre. • http://www.securitytracker.com/id/1035816 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749 • CWE-284: Improper Access Control •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions. Vulnerabilidad no especificada en pppoec en HP HP-UX 11iv2 y 11iv3 permite a usuarios locales ganar privilegios mediante el aprovechamiento de permisos setuid. • http://www.securityfocus.com/bid/75462 http://www.securitytracker.com/id/1032746 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04718530 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 240EXPL: 0

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. La implementación Expression Language (EL) en Apache Tomcat 6.x anterior a 6.0.44, 7.x anterior a 7.0.58, y 8.x anterior a 8.0.16 no considera correctamente la posibilidad de una interfaz accesible implementada por una clase no accesible, lo que permite a atacantes evadir un mecanismo de protección SecurityManager a través de una aplicación web que aprovecha el uso de privilegios incorrectos durante la evaluación EL. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. • http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://rhn.redhat.com/errata/RHSA-2015-1621.html http://rhn.redhat.com/errata/RHSA-2015-1622.html http://rhn.redhat.com/errata/RHSA-2016-0492.html http://rhn.redhat.com/errata/RHSA-2016-2046.html http://svn.apache.org/viewvc?view=revision&revision=1644018 http://svn.apache.org/viewvc?view=revision&revision=1645642 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html http://tomcat.apach • CWE-284: Improper Access Control •