CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-3071
https://notcve.org/view.php?id=CVE-2016-3071
18 Apr 2016 — Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. Libreswan 3.16 podría permitir a atacantes remotos provocar una denegación de servicio (reinicio del demonio) a través de una tranformación de IKEv2 aes_xcbc. • http://download.libreswan.org/CHANGES • CWE-20: Improper Input Validation CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 3%CPEs: 4EXPL: 3CVE-2016-4021 – pgpdump 0.29 Endless Loop
https://notcve.org/view.php?id=CVE-2016-4021
18 Apr 2016 — The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. La función read_binary en buffer.c en pgpdump en versiones anteriores a 0.30 permite a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una entrada manipulada, según lo demostrado por la cadena \xa3\x03. pgpdump version 0.29... • https://packetstorm.news/files/id/136727 • CWE-399: Resource Management Errors •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3144
https://notcve.org/view.php?id=CVE-2016-3144
15 Apr 2016 — Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name. Vulnerabilidad de XSS en el módulo Block Class 7.x-2.x en versiones anteriores a 7.x-2.2 para Drupal permite a usuarios remotos autenticados con el permiso "Administer block classes" inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de clase. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182535.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 68%CPEs: 228EXPL: 0CVE-2016-1285 – bind: malformed packet sent to rndc can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1285
09 Mar 2016 — named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 no maneja adecuadamente los archivos DNAME cuando analiza gramaticalmente l... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html • CWE-617: Reachable Assertion •
CVSS: 8.6EPSS: 58%CPEs: 228EXPL: 0CVE-2016-1286 – bind: malformed signature records for DNAME records can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1286
09 Mar 2016 — named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro de firma manipulado para un registro DNAME, ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html • CWE-617: Reachable Assertion •
CVSS: 9.8EPSS: 24%CPEs: 4EXPL: 0CVE-2016-0729 – xerces-c: parser crashes on malformed input
https://notcve.org/view.php?id=CVE-2016-0729
25 Feb 2016 — Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document. Múltiples desbordamientos en (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp y (3) util/XMLUri.cpp en la librería XML Parser en Apache Xerces-C en versiones anteriores a 3.1.3 permite a atacantes rem... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182062.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 50EXPL: 0CVE-2016-2039 – Debian Security Advisory 3627-1
https://notcve.org/view.php?id=CVE-2016-2039
20 Feb 2016 — libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. libraries/session.inc.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.13, 4.4.x en versiones anteriores a 4.4.15.3 y 4.5.x en versiones anteriores a 4.5.4 no genera adecuadamente valores de token CSRF, lo que permite a atacantes remotos eludir las restric... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2015-2665 – Debian Security Advisory 3295-1
https://notcve.org/view.php?id=CVE-2015-2665
17 Jun 2015 — Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Cacti anterior a 0.8.8d permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183449.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-4454 – Debian Security Advisory 3295-1
https://notcve.org/view.php?id=CVE-2015-4454
17 Jun 2015 — SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. Vulnerabilidad de inyección SQL en la función get_hash_graph_template en lib/functions.php en Cacti anterior a 0.8.8d permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro graph_template_id en graph_templates.php. Several vulnerabilities (cross-site s... • http://bugs.cacti.net/view.php?id=2572 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2015-4342 – Debian Security Advisory 3295-1
https://notcve.org/view.php?id=CVE-2015-4342
09 Jun 2015 — SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. Vulnerabilidad de inyección SQL en Cacti anterior a 0.8.8d permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados que involucran un id cdef. Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. • http://bugs.cacti.net/view.php?id=2571 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •