Page 162 of 1426 results (0.022 seconds)

CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0

CVE-2016-9842 – zlib: Undefined left shift of negative number

https://notcve.org/view.php?id=CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. La función inflateMark en inflate.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado a través de vectores que implican cambios a la izquierda de enteros negativos. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/95131 http://www.securitytracker.com/id/1039427 https:/&# •

CVSS: 4.7EPSS: 0%CPEs: 21EXPL: 0

CVE-2017-3313 – mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017)

https://notcve.org/view.php?id=CVE-2017-3313

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts). • http://www.debian.org/security/2017/dsa-3767 http://www.debian.org/security/2017/dsa-3809 http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html http://www.securityfocus.com/bid/95527 http://www.securitytracker.com/id/1037640 https://access.redhat.com/errata/RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.com/errata/RHSA& •

CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0

CVE-2016-9401 – bash: popd controlled free

https://notcve.org/view.php?id=CVE-2016-9401

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. popd en bash podrían permitir a usuarios locales eludir el shell restringido y provocar un uso después de liberación de memoria a través de una dirección manipulada. A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. • http://rhn.redhat.com/errata/RHSA-2017-0725.html http://www.openwall.com/lists/oss-security/2016/11/17/5 http://www.openwall.com/lists/oss-security/2016/11/17/9 http://www.securityfocus.com/bid/94398 https://access.redhat.com/errata/RHSA-2017:1931 https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html https://security.gentoo.org/glsa/201701-02 https://access.redhat.com/security/cve/CVE-2016-9401 https://bugzilla.redhat.com/show_bug.cgi?id=1396383 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0

CVE-2016-8743 – httpd: Apache HTTP Request Parsing Whitespace Defects

https://notcve.org/view.php?id=CVE-2016-8743

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. El servidor HTTP Apache, en todas las distribuciones anteriores a la 2.2.32 y la 2.4.25 era liberal en el espacio en blanco aceptado de peticiones y enviado en lineas y cabeceras de respuesta. La aceptación de estos comportamientos diferentes representaba un problema a nivel de seguridad cuando httpd participa en cualquier cadena de proxies o interactúa con servidores de aplicaciones backend, ya sea mediante mod_proxy o utilizando mecanismos CGI convencionales y puede dar lugar al tráfico de peticiones, división de respuestas y contaminación de la caché. It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. • http://rhn.redhat.com/errata/RHSA-2017-1415.html http://www.debian.org/security/2017/dsa-3796 http://www.securityfocus.com/bid/95077 http://www.securitytracker.com/id/1037508 https://access.redhat.com/errata/RHSA-2017:0906 https://access.redhat.com/errata/RHSA-2017:1161 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 https://access.redhat.com/errata/RHSA-2017:1721 https://h20566.www2.hpe.com/hpsc/doc/public/display • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 5%CPEs: 92EXPL: 0

CVE-2016-7426 – ntp: Client rate limiting and server responses

https://notcve.org/view.php?id=CVE-2016-7426

NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. NTP en versiones anteriores a 4.2.8p9 limita la clasificación de respuestas recibidas desde las fuentes configuradas cuando la limitación de clasificación para todas las asociaciones está habilitado, lo que permite a atacantes remotos provocar una denegación de servicio (prevenir las respuestas de las fuentes) enviando respuestas con una dirección de origen suplantada. It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. • http://nwtime.org/ntp428p9_release http://rhn.redhat.com/errata/RHSA-2017-0252.html http://support.ntp.org/bin/view/Main/NtpBug3071 http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://www.securityfocus.com/bid/94451 http://www.securitytracker.com/id/1037354 https://bto.bluecoat.com/security-advisory/sa139 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us https://security.FreeBSD.org/advisories/FreeBSD-SA- • CWE-400: Uncontrolled Resource Consumption •