Page 11 of 300 results (0.013 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

21 Apr 2016 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con Filesystem. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

21 Apr 2016 — Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service. Vulnerabilidad no especificada en Oracle Sun Solaris 11.3 permite a usuarios locales afectar a la disponibilidad a través de vectores relacionados con Network Configuration Service. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

21 Apr 2016 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con ZFS. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html •

CVSS: 7.5EPSS: 12%CPEs: 19EXPL: 0

02 Mar 2016 — Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. Perl podría permitir a atacantes dependientes de contexto eludir los mecanismos de protección taint en un proceso hijo a través de variables de entorno duplicadas en envp. Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears... • http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 1%CPEs: 32EXPL: 0

05 Feb 2016 — The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. La función xdr_nullstring en lib/kadm5/kadm_rpc_xdr.c en kadmind in MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.13.4 y 1.14.x en versiones anterio... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8341 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

03 Feb 2016 — The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token. El servicio de identificación en OpenStac... • http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html • CWE-522: Insufficiently Protected Credentials •

CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0

21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores, 5.6.27 y versiones anteriores y 5.7.9 y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 per... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •

CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0

21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impac... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0

21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores y 5.6.27 y versiones anteriores y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 permite a usuarios remotos aut... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •

CVSS: 8.1EPSS: 0%CPEs: 24EXPL: 0

21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores, 5.6.27 y versiones anteriores y 5.7.9 y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 p... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •