CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3419
https://notcve.org/view.php?id=CVE-2016-3419
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a usuarios locales afectar a la disponibilidad a través de vectores relacionados con Filesystem. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.securitytracker.com/id/1035629 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3441
https://notcve.org/view.php?id=CVE-2016-3441
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con Filesystem. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.securitytracker.com/id/1035629 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0693
https://notcve.org/view.php?id=CVE-2016-0693
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con el módulo PAM LDAP. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.securitytracker.com/id/1035629 •
CVSS: 5.3EPSS: 0%CPEs: 32EXPL: 0CVE-2015-8629 – krb5: xdr_nullstring() doesn't check for terminating null character
https://notcve.org/view.php?id=CVE-2015-8629
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. La función xdr_nullstring en lib/kadm5/kadm_rpc_xdr.c en kadmind in MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.13.4 y 1.14.x en versiones anteriores a 1.14.1 no verifica si existen caracteres '\0' según lo esperado, lo que permite a usuarios remotos autenticados obtener información sensible o causar una denegación de servicio (lectura fuera de rango) a través de una cadena manipulada. An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8341 http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html http://rhn.redhat.com/errata/RHSA-2016-0493.html http://rhn.redhat.com/errata/RHSA-2016-0532.html http://www.debian.org/security/2016/dsa-3466 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0535
https://notcve.org/view.php?id=CVE-2016-0535
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to RPC. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11 permite a atacantes remotos afectar a la disponibilidad a través de vectores relacionados con RPC. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034735 •