CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2016-5612 – mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5612
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL 5.5.50 y versiones anteriores, 5.6.31 y versiones anteriores y 5.7.13 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. MariaDB is a multi-user, multi-threaded SQL database server. For all prac... • http://rhn.redhat.com/errata/RHSA-2016-1601.html •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2016-5624 – mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5624
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a new... • http://rhn.redhat.com/errata/RHSA-2016-2130.html •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2016-5626 – mysql: unspecified vulnerability in subcomponent: Server: GIS (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5626
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores, 5.6.32 y versiones anteriores y 5.7.14 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con GIS. MariaDB is a multi-user, multi-threaded SQL database server. For all prac... • http://rhn.redhat.com/errata/RHSA-2016-2130.html •
CVSS: 4.9EPSS: 0%CPEs: 21EXPL: 0CVE-2016-5629 – mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5629
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores, 5.6.32 y versiones anteriores, and 5.7.14 y versiones anteriores permite a administradores remotos afectar la disponibilidad a través de vectores relacionados con Server: Federated. MariaDB is a multi-user, multi-threaded SQL database ... • http://rhn.redhat.com/errata/RHSA-2016-2130.html •
CVSS: 6.8EPSS: 1%CPEs: 21EXPL: 0CVE-2016-3492 – mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-3492
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores, 5.6.32 y versiones anteriores y 5.7.14 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server: Optimizer. MariaDB is a multi-user, multi-threaded SQL d... • http://rhn.redhat.com/errata/RHSA-2016-2130.html •
CVSS: 7.8EPSS: 14%CPEs: 23EXPL: 5CVE-2016-5425 – Apache Tomcat 8/7/6 (RedHat Based Distros) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-5425
10 Oct 2016 — The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. El paquete Tomcat en Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux y posiblemente en otros productos distribuidos por Linux utiliza permisos débiles para /usr/lib/tmpfiles.d/tomcat.conf, lo que permite a usuarios l... • https://packetstorm.news/files/id/171337 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 1CVE-2016-7163 – openjpeg: Integer overflow in opj_pi_create_decode
https://notcve.org/view.php?id=CVE-2016-7163
21 Sep 2016 — Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. Desbordamiento de entero en la función opj_pi_create_decode en pi.c en OpenJPEG permite a atacantes remotos ejecutar código arbitrario a través de un archivo JP2 manipulado, lo que desencadena una lectura o escritura fuera de límites. An integer overflow, leading to a heap buffer overflow, was found in OpenJPEG. An ... • http://rhn.redhat.com/errata/RHSA-2017-0559.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 89%CPEs: 30EXPL: 9CVE-2016-6662 – MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-6662
12 Sep 2016 — Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL... • https://packetstorm.news/files/id/138678 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2016-5403 – Qemu: virtio: unbounded memory allocation on host via guest leading to DoS
https://notcve.org/view.php?id=CVE-2016-5403
02 Aug 2016 — The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. La función virtqueue_pop en hw/virtio/virtio.c en QEMU permite a administradores locales del SO invitado provocar una denegación de servicio (consumo de memoria y caida del proceso QUEMU) mediante la presentación de solicitudes sin esperar la finalización. Quick Emulator (QEMU) built with ... • http://rhn.redhat.com/errata/RHSA-2016-1585.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 4%CPEs: 26EXPL: 0CVE-2016-5444 – mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016)
https://notcve.org/view.php?id=CVE-2016-5444
21 Jul 2016 — Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. Vulnerabilidad no especificada en Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores y MariaDB en versiones anteriores a 5.5.49, 10.0.x en versiones anteriores a 10.0.25 y 10.1.x en v... • http://rhn.redhat.com/errata/RHSA-2016-0705.html •