CVSS: 9.8EPSS: 0%CPEs: 76EXPL: 0CVE-2016-9877
https://notcve.org/view.php?id=CVE-2016-9877
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected. Un problema fue descubierto en Pivotal RabbitMQ 3.x en versiones anteriores a 3.5.8 y 3.6.x en versiones anteriores a 3.6.6 y RabbitMQ for PCF 1.5.x en versiones anteriores a 1.5.20, 1.6.x en versiones anteriores a 1.6.12 y 1.7.x en versiones anteriores a 1.7.7. Autenticación de conexión MQTT (MQ Telemetry Transport) con un nombre de usuario/contraseña tiene éxito si se provee un nombre de usuario existente pero la contraseña es omitida de la petición de conexión. • http://www.debian.org/security/2017/dsa-3761 http://www.securityfocus.com/bid/95065 https://pivotal.io/security/cve-2016-9877 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2016-7081 – ThinPrint TPClnt/TPView Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-7081
Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. Múltiples desbordamientos de búfer basados en memoria dinámica en VMware Workstation Pro 12.x en versiones anteriores a 12.5.0 y VMware Workstation Player 12.x en versiones anteriores a 12.5.0 en Windows, cuando la impresión virtual Cortado ThinPrint está habilitada, permiten a usuarios invitados del SO ejecutar código arbitrario en el SO anfitrión a través de vectores no especificados. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of ThinPrint. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of print requests. The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a heap-based buffer. • http://www.securityfocus.com/bid/92935 http://www.securitytracker.com/id/1036805 http://www.vmware.com/security/advisories/VMSA-2016-0014.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2016-7079
https://notcve.org/view.php?id=CVE-2016-7079
The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2016-7080. Las funciones de aceleración gráfica en VMware Tools 9.x y 10.x en versiones anteriores a 10.0.9 en OS X permiten a usuarios locales obtener privilegios o provocar una denegación de servicio (referencia a puntero NULL) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-7080. • http://www.securityfocus.com/bid/92938 http://www.securitytracker.com/id/1036804 http://www.vmware.com/security/advisories/VMSA-2016-0014.html • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 8%CPEs: 22EXPL: 0CVE-2016-7456 – VMware VDP Known SSH Key
https://notcve.org/view.php?id=CVE-2016-7456
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. VMware vSphere Data Protection (VDP) 5.5.x hasta la versión 6.1.x tiene una clave privada SSH con una contraseña públicamente conocida, lo que hace más fácil a atacantes remotos obtener acceso de inicio de sesión a través de una sesión SSH. VMware vSphere Data Protection appliances 5.5.x through 6.1.x contain a known ssh private key for the local user admin who is a sudoer without password. • http://www.securityfocus.com/bid/94990 http://www.securitytracker.com/id/1037502 http://www.vmware.com/security/advisories/VMSA-2016-0024.html • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2016-9878 – Framework: Directory Traversal in the Spring Framework ResourceServlet
https://notcve.org/view.php?id=CVE-2016-9878
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. Un problema fue descubierto en Pivotal Spring Framework en versiones anteriores a 3.2.18, 4.2.x en versiones anteriores a 4.2.9 y 4.3.x en versiones anteriores a 4.3.5. Las rutas proporcionadas al ResourceServlet no fueron desinfectadas adecuadamente y como resultado expuestas a ataques de salto de directorio. It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/95072 http://www.securitytracker.com/id/1040698 https://access.redhat.com/errata/RHSA-2017:3115 https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html https://pivotal.io/security/cve-2016-9878 https://security.netapp.com/adviso • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •