
CVSS: 8.1 • EPSS: 0% • CPEs: 14 • EXPL: 0

21 Jul 2016 — Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. ... • http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html •

CVSS: 6.8 • EPSS: 0% • CPEs: 14 • EXPL: 0

21 Jul 2016 — Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types. ... • http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html •

CVSS: 5.3 • EPSS: 1% • CPEs: 14 • EXPL: 0

21 Jul 2016 — Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML. ... • http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html •

CVSS: 6.5 • EPSS: 1% • CPEs: 6 • EXPL: 0

21 Jul 2016 — Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL ve... • http://rhn.redhat.com/errata/RHSA-2016-1601.html •

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

21 Jul 2016 — Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. Multiple security issues were discovered in MySQL and this update include s... • http://rhn.redhat.com/errata/RHSA-2016-1601.html •

CVSS: 6.8 • EPSS: 5% • CPEs: 6 • EXPL: 0

21 Jul 2016 — Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fi... • http://rhn.redhat.com/errata/RHSA-2016-1601.html •

CVSS: 9.8 • EPSS: 1% • CPEs: 9 • EXPL: 0

20 Jul 2016 — Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. It was discovered that libbsd incorrectly handled certain inputs. An ... • http://www.openwall.com/lists/oss-security/2016/01/28/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.1 • EPSS: 73% • CPEs: 52 • EXPL: 0

18 Jul 2016 — The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID fo... • http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html • CWE-20: Improper Input Validation •

CVSS: 6.5 • EPSS: 2% • CPEs: 8 • EXPL: 0

14 Jul 2016 — The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. A vulnerability was found in libarchive. A specially ... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-20: Improper Input Validation • CWE-125: Out-of-bounds Read •

CVSS: 7.5 • EPSS: 5% • CPEs: 7 • EXPL: 0

14 Jul 2016 — bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. A vulnerability was found in libarchive. A specially crafted CAB file could cause the application to dereference a NULL ... • http://rhn.redhat.com/errata/RHSA-2016-1844.html • CWE-476: NULL Pointer Dereference •