CVE-2016-5418 – libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
https://notcve.org/view.php?id=CVE-2016-5418
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

• http://rhn.redhat.com/errata/RHSA-2016-1844.html
• http://rhn.redhat.com/errata/RHSA-2016-1850.html
• http://www.openwall.com/lists/oss-security/2016/08/09/2
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
• http://www.securityfocus.com/bid/93165
• https://access.redhat.com/errata/RHSA-2016:1852
• https://access.redhat.com/errata/RHSA-2016:1853
• https://bugzilla.redhat.com/show_bug.cgi?id=1362601
• https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b8

• CWE-19: Data Processing Errors
• CWE-20: Improper Input Validation
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-5392 – Kubernetes: disclosure of information in multi tenant environments via watch-cache list
https://notcve.org/view.php?id=CVE-2016-5392
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi-tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.

The Kubernetes API server contains a watch cache that speeds up performance. Due to an input validation error, OpenShift Enterprise may return data for other users and projects when queried by a user. An attacker with knowledge of other project names could use this vulnerability to view their information.

• http://www.securityfocus.com/bid/91793
• https://access.redhat.com/errata/RHSA-2016:1427
• https://bugzilla.redhat.com/show_bug.cgi?id=1356195
• https://access.redhat.com/security/cve/CVE-2016-5392

• CWE-20: Improper Input Validation
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5766 – gd: Integer overflow in _gd2GetHeader() resulting in heap overflow
https://notcve.org/view.php?id=CVE-2016-5766
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image.

• http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1
• http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00025.html
• http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html
• http://php.net/ChangeLog-5.php
• http://php.net/ChangeLog-7.php
• http://rhn.redhat.com/errata/RHSA-2016-2598.html
• http://rhn.redhat.com/errata/RHSA-2016-2750.html
• http://www.debian.org/securit

• CWE-122: Heap-based Buffer Overflow
• CWE-190: Integer Overflow or Wraparound
CVE-2016-3708 – 3: s2i builds implicitly perform docker builds
https://notcve.org/view.php?id=CVE-2016-3708
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.

A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled and a build is run within a namespace that would normally be isolated from pods in other namespaces. If an s2i build is run in such an environment, the container being built can access network resources on pods that should not be available to it.

• https://access.redhat.com/errata/RHSA-2016:1094
• https://access.redhat.com/security/cve/CVE-2016-3708
• https://bugzilla.redhat.com/show_bug.cgi?id=1331229

• CWE-284: Improper Access Control
CVE-2016-3738 – origin: pod update allows docker socket access via build-pod
https://notcve.org/view.php?id=CVE-2016-3738
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.

A vulnerability was found in the STI build process in OpenShift Enterprise. Access to STI builds was not properly restricted, allowing an attacker to use STI builds to access the Docker socket and escalate their privileges.

• https://access.redhat.com/errata/RHSA-2016:1094
• https://access.redhat.com/security/cve/CVE-2016-3738
• https://bugzilla.redhat.com/show_bug.cgi?id=1333461

• CWE-264: Permissions, Privileges, and Access Controls
• CWE-284: Improper Access Control