CVSS: 6.5EPSS: 13%CPEs: 18EXPL: 0CVE-2016-2125 – samba: Unconditional privilege delegation to Kerberos servers in trusted realms
https://notcve.org/view.php?id=CVE-2016-2125
19 Dec 2016 — It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. Se ha descubierto que Samba, en versiones anteriores a la 4.5.3, 4.4.8 y 4.3.13, siempre solicitaba tickets que podían reenviarse al emplear la autenticación de Kerberos. Un servicio al que Samba se ha autenticado con Kerberos podría ... • http://rhn.redhat.com/errata/RHSA-2017-0494.html • CWE-20: Improper Input Validation CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2015-5160 – libvirt: Ceph id/key leaked in the process list
https://notcve.org/view.php?id=CVE-2015-5160
03 Nov 2016 — libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. libvirt en versiones anteriores a la 2.2 incluye las credenciales de Ceph en la línea de comandos qemu cuando se utiliza RADOS Block Device (también conocido como RBD), lo que permite a los usuarios locales obtener información sensible mediante un listado de procesos. It was found that the libvirt daemon, when using RBD... • http://rhn.redhat.com/errata/RHSA-2016-2577.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2016-6325 – tomcat: tomcat writable config files allow privilege escalation
https://notcve.org/view.php?id=CVE-2016-6325
12 Oct 2016 — The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. El paquete Tomcat en Red Hat Enterprise Linux (RHEL) 5 hasta la versión 7, JBoss Web Server 3.0 y JBoss EWS 2 utiliza permisos débiles para (1) /etc/sysconfig/tomcat y (2) /etc/tomcat/tomcat.conf, lo que permite a usuarios locales o... • http://rhn.redhat.com/errata/RHSA-2016-2045.html • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2016-5403 – Qemu: virtio: unbounded memory allocation on host via guest leading to DoS
https://notcve.org/view.php?id=CVE-2016-5403
02 Aug 2016 — The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. La función virtqueue_pop en hw/virtio/virtio.c en QEMU permite a administradores locales del SO invitado provocar una denegación de servicio (consumo de memoria y caida del proceso QUEMU) mediante la presentación de solicitudes sin esperar la finalización. Quick Emulator (QEMU) built with ... • http://rhn.redhat.com/errata/RHSA-2016-1585.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2016-5126 – Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
https://notcve.org/view.php?id=CVE-2016-5126
01 Jun 2016 — Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. Desbordamiento de buffer basado en memoria dinámica en la función iscsi_aio_ioctl en block/iscsi.c en QEMU permite a usuarios locales del SO invitado provocar una denegación de servicio (caída del proceso QEMU) o posiblemente ejecutar código arbitrario a través de u... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a6b3167fa0e825aebb5a7cd8b437b6d41584a196 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 2%CPEs: 42EXPL: 0CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
27 May 2016 — Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an atta... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.8EPSS: 0%CPEs: 47EXPL: 0CVE-2016-3710 – qemu: incorrect banked access bounds checking in vga module
https://notcve.org/view.php?id=CVE-2016-3710
09 May 2016 — The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. El módulo VGA en QEMU lleva a cabo incorrectamente comprobaciones de límites sobre acceso almacenado a la memoria de vídeo, lo que permite a administradores locales de SO invitado ejecutar código arbitrario sobre el anfitrión cambiando los modos de ac... • http://rhn.redhat.com/errata/RHSA-2016-0724.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 1CVE-2016-3627 – libxml2: stack exhaustion while parsing xml files in recovery mode
https://notcve.org/view.php?id=CVE-2016-3627
03 May 2016 — The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. La función xmlStringGetNodeList en tree.c en libxml2.2.9.3 y versiones anteriores, cuando se utiliza en modo de recuperación, permite a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito, consumo de pila y caída de la ... • https://packetstorm.news/files/id/136900 • CWE-674: Uncontrolled Recursion •
CVSS: 8.4EPSS: 0%CPEs: 35EXPL: 0CVE-2016-2857 – Qemu: net: out of bounds read in net_checksum_calculate()
https://notcve.org/view.php?id=CVE-2016-2857
08 Apr 2016 — The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. La función net_checksum_calculate en net/checksum.c en QEMU permite a usuarios del SO invitado provocar una denegación de servicio (lectura de memoria dinámica fuera de rango y caída) a través de una longitud de la carga útil en un paquete manipulado. An out-of-bounds read-access flaw was found in the QEMU emula... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 17EXPL: 0CVE-2015-5312 – libxml2: CPU exhaustion when processing specially crafted XML input
https://notcve.org/view.php?id=CVE-2015-5312
07 Dec 2015 — The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. La función xmlStringLenDecodeEntities en parser.c en libxml2 en versiones anteriores a 2.9.3 no previene adecuadamente la expansión de entidad, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (cons... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-399: Resource Management Errors •