CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6342
https://notcve.org/view.php?id=CVE-2016-6342
elog 3.1.1 allows remote attackers to post data as any username in the logbook. ELOG versión 3.1.1 permite a tacantes remotos enviar datos usando cualquier nombre que aparezca en el registro de usuarios logueados. • https://bugzilla.redhat.com/show_bug.cgi?id=1371328 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4ZQOPXSMJAJIXH5MRPQS2ZISYJPSLQK • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5391
https://notcve.org/view.php?id=CVE-2016-5391
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). Libreswan anterior a la 3.18 permite a un atacante remoto provocar una denegación de servicio (desreferencia a un puntero NULL y reinicio del daemon pluto). • https://bugzilla.redhat.com/show_bug.cgi?id=1356183 https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3704 – pulp: Unsafe use of bash $RANDOM for NSS DB password and seed
https://notcve.org/view.php?id=CVE-2016-3704
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. Pulp en sus versiones anteriores a 2.8.5 usa la varible $RANDOM del bash de manera insegura para la generación de contraseñas. Pulp makes unsafe use of Bash's $RANDOM to generate a NSS DB password and seed resulting in insufficient randomness. An attacker could potentially guess the seed used given enough time and compute resources. • https://access.redhat.com/errata/RHSA-2018:0336 https://bugzilla.redhat.com/show_bug.cgi?id=1330264 https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5 https://github.com/pulp/pulp/blob/pulp-2.8.2-1/server/bin/pulp-qpid-ssl-cfg#L25 https://github.com/pulp/pulp/blob/pulp-2.8.2-1/server/bin/pulp-qpid-ssl-cfg#L97-L105 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY https:&# • CWE-255: Credentials Management Errors CWE-330: Use of Insufficiently Random Values •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3696 – pulp: Leakage of CA key in pulp-qpid-ssl-cfg
https://notcve.org/view.php?id=CVE-2016-3696
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. El script pulp-qpid-ssl-cfg en Pulp anterior a la versión 2.8.5 permite a usuarios locales obtener la clave de autoridad de certificación. It was found that the private CA key was created in a directory that is world-readable for a small amount of time. A local user could possibly use this flaw to gain access to the private key information in the file. • https://access.redhat.com/errata/RHSA-2018:0336 https://bugzilla.redhat.com/show_bug.cgi?id=1328930 https://docs.pulpproject.org/user-guide/release-notes/2.8.x.html#pulp-2-8-5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YM2LCC7QBRCK4LTN5EZT5OHTVAR3MYTY https://pulp.plan.io/issues/1854 https://access.redhat.com/security/cve/CVE-2016-3696 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-3095
https://notcve.org/view.php?id=CVE-2016-3095
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. El archivo server/bin/pulp-gen-ca-certificate en Pulp anterior a versión 2.8.2, permite a los usuarios locales leer la clave privada generada. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182006.html http://www.openwall.com/lists/oss-security/2016/04/06/3 http://www.openwall.com/lists/oss-security/2016/04/18/11 https://bugzilla.redhat.com/show_bug.cgi?id=1322706 https://github.com/pulp/pulp/pull/2503/commits/9f969b94c4b4f310865455d36db207de6cffebca • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •