CVE-2016-7855 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2016-7855
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 23.0.0.205 en Windows y OS X y en versiones anteriores a 11.2.202.643 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, según se ha explotado activamente en octubre de 2016. Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code. • http://rhn.redhat.com/errata/RHSA-2016-2119.html http://www.securityfocus.com/bid/93861 http://www.securitytracker.com/id/1037111 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128 https://helpx.adobe.com/security/products/flash-player/apsb16-36.html https://security.gentoo.org/glsa/201610-10 https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html https://access.redhat.com/security/cve/CVE-2016-7855 https://bugzilla.redhat.com • CWE-416: Use After Free •
CVE-2016-4286 – flash-plugin: multiple code execution issues fixed in APSB16-32
https://notcve.org/view.php?id=CVE-2016-4286
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors. Adobe Flash Player en versiones anteriores a 18.0.0.382 y 19.x hasta la versión 23.x en versiones anteriores a 23.0.0.185 en Windows y OS X y en versiones anteriores a 11.2.202.637 en Linux permite a atacantes eludir restricciones destinadas al acceso a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-2057.html http://www.securityfocus.com/bid/93497 http://www.securitytracker.com/id/1036985 https://helpx.adobe.com/security/products/flash-player/apsb16-32.html https://security.gentoo.org/glsa/201610-10 https://access.redhat.com/security/cve/CVE-2016-4286 https://bugzilla.redhat.com/show_bug.cgi?id=1383931 • CWE-284: Improper Access Control •
CVE-2016-6325 – tomcat: tomcat writable config files allow privilege escalation
https://notcve.org/view.php?id=CVE-2016-6325
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. El paquete Tomcat en Red Hat Enterprise Linux (RHEL) 5 hasta la versión 7, JBoss Web Server 3.0 y JBoss EWS 2 utiliza permisos débiles para (1) /etc/sysconfig/tomcat y (2) /etc/tomcat/tomcat.conf, lo que permite a usuarios locales obtener privilegios aprovechando su pertenencia al grupo tomcat. It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. • http://rhn.redhat.com/errata/RHSA-2016-2045.html http://rhn.redhat.com/errata/RHSA-2016-2046.html http://rhn.redhat.com/errata/RHSA-2017-0457.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.securityfocus.com/bid/93478 https://access.redhat.com/errata/RHSA-2017:0455 https://access.redhat.com/errata/RHSA-2017:0456 https://bugzilla.redhat.com/show_bug.cgi?id=1367447 https://access.redhat.com/security/cve/CVE-2016-6325 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVE-2016-6662 – MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15. Oracle MySQL hasta la versión 5.5.52, 5.6.x hasta la versión 5.6.33 y 5.7.x hasta la versión 5.7.15; MariaDB en versiones anteriores a 5.5.51, 10.0.x en versiones anteriores a 10.0.27 y 10.1.x en versiones anteriores a 10.1.17; y Percona Server en versiones anteriores a 5.5.51-38.1, 5.6.x en versiones anteriores a 5.6.32-78.0 y 5.7.x en versiones anteriores a 5.7.14-7 permiten a usuarios locales crear configuraciones arbitrarias y eludir ciertos mecanismos de protección estableciendo general_log_file a una configuración my.cnf NOTA: esto puede ser aprovechado para ejecutar código arbitrario con privilegios root estableciendo malloc_lib. • https://www.exploit-db.com/exploits/40360 https://github.com/MAYASEVEN/CVE-2016-6662 https://github.com/KosukeShimofuji/CVE-2016-6662 https://github.com/konstantin-kelemen/mysqld_safe-CVE-2016-6662-patch http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html http://rhn.redhat.com/errata/RHSA-2016-2058.html http://rhn.redhat.com/errata/RHSA-2016-2059.html http://rhn.redhat.com/errata/RHSA-2016-2060.html http://rhn.redhat.com/errat • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2016-5403 – Qemu: virtio: unbounded memory allocation on host via guest leading to DoS
https://notcve.org/view.php?id=CVE-2016-5403
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. La función virtqueue_pop en hw/virtio/virtio.c en QEMU permite a administradores locales del SO invitado provocar una denegación de servicio (consumo de memoria y caida del proceso QUEMU) mediante la presentación de solicitudes sin esperar la finalización. Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement results in unbounded memory allocation on the host controlled by the guest. • http://rhn.redhat.com/errata/RHSA-2016-1585.html http://rhn.redhat.com/errata/RHSA-2016-1586.html http://rhn.redhat.com/errata/RHSA-2016-1606.html http://rhn.redhat.com/errata/RHSA-2016-1607.html http://rhn.redhat.com/errata/RHSA-2016-1652.html http://rhn.redhat.com/errata/RHSA-2016-1653.html http://rhn.redhat.com/errata/RHSA-2016-1654.html http://rhn.redhat.com/errata/RHSA-2016-1655.html http://rhn.redhat.com/errata/RHSA-2016-1756.html http://rhn • CWE-400: Uncontrolled Resource Consumption •