CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3099 – mod_nss: Invalid handling of +CIPHER operator
https://notcve.org/view.php?id=CVE-2016-3099
04 Nov 2016 — mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled. mod_ns en Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7, permite a atacantes remotos forzar el uso de cifrados que no estaban destinados a ser habilitados. ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183102.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-392: Missing Report of Error Condition •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-7050 – RESTEasy: SerializableProvider enabled by default and deserializes untrusted data
https://notcve.org/view.php?id=CVE-2016-7050
04 Nov 2016 — SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code. SerializablesProvider de RESTEasy en RedHat Enterprise Linux Desktop 7, RedHat Enterprise Linux HPC node 7, RedHat Enterprise Linux Server 7, y RedHat Enterprise Linux WorkStation 7 permite a un atacante remoto ejecutar código arbitrario. It was discovered that under certai... • http://rhn.redhat.com/errata/RHSA-2016-2604.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 2%CPEs: 9EXPL: 0CVE-2016-6489 – nettle: RSA/DSA code is vulnerable to cache-timing related attacks
https://notcve.org/view.php?id=CVE-2016-6489
03 Nov 2016 — The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. El código de descifrado RSA y DSA en Nettle facilita a los atacantes cubrir las claves privadas a través de un ataque de canal secundario de caché. It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. Nettle is a cryptograp... • http://rhn.redhat.com/errata/RHSA-2016-2582.html • CWE-203: Observable Discrepancy •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0764 – NetworkManager: Race condition allowing info leak
https://notcve.org/view.php?id=CVE-2016-0764
03 Nov 2016 — Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. Una condición de carrera en Network Manager anterior a versión 1.0.12 como empaquetado en Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Ente... • http://rhn.redhat.com/errata/RHSA-2016-2581.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 2CVE-2016-7796 – systemd: freeze when PID 1 receives a zero-length message over notify socket
https://notcve.org/view.php?id=CVE-2016-7796
13 Oct 2016 — The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. La función manager_dispatch_notify_fd en systemd permite a usuarios locales provocar una denegación de servicio (colgado de sistema) a través de un mensaje de longitud cero recibido sobre una notificación de encaje, lo que provoca que se devuelva un error y qu... • http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html • CWE-20: Improper Input Validation CWE-253: Incorrect Check of Function Return Value •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2016-6325 – tomcat: tomcat writable config files allow privilege escalation
https://notcve.org/view.php?id=CVE-2016-6325
12 Oct 2016 — The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. El paquete Tomcat en Red Hat Enterprise Linux (RHEL) 5 hasta la versión 7, JBoss Web Server 3.0 y JBoss EWS 2 utiliza permisos débiles para (1) /etc/sysconfig/tomcat y (2) /etc/tomcat/tomcat.conf, lo que permite a usuarios locales o... • http://rhn.redhat.com/errata/RHSA-2016-2045.html • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2016-7166 – libarchive: Denial of service using a crafted gzip file
https://notcve.org/view.php?id=CVE-2016-7166
12 Sep 2016 — libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. libarchive en versiones anteriores a 3.2.0 no limita el número de descompresiones recursivas, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída de aplicación) a través de un archivo gzip manipulado. A vulnerability was found in libarchive. A specially craft... • http://rhn.redhat.com/errata/RHSA-2016-1844.html • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 5%CPEs: 16EXPL: 3CVE-2016-5418 – libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
https://notcve.org/view.php?id=CVE-2016-5418
12 Sep 2016 — The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. El código sandboxing en libarchive 3.2.0 y versiones anteriores no maneja adecuadamente entradas de archivo de vínculo físico de datos de tamaño distinto de cero, lo que podría permitir a atacantes remotos escribir a archivos arbitrarios a través de un archivo manipulado. A flaw was found in the way libarchiv... • http://rhn.redhat.com/errata/RHSA-2016-1844.html • CWE-19: Data Processing Errors CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 75%CPEs: 18EXPL: 0CVE-2016-5388 – Tomcat: CGI sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5388
19 Jul 2016 — Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat... • http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 2%CPEs: 8EXPL: 2CVE-2016-4302 – libarchive: Heap buffer overflow in the Rar decompression functionality
https://notcve.org/view.php?id=CVE-2016-4302
14 Jul 2016 — Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary. Desbordamiento de búfer basado en memoria dinámica en la función parse_codes en archive_read_support_format_rar.c en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos ejecutar código arbitrario a través de un archivo RAR con un diccionario de tamaño cero. A vulnerability was f... • http://blog.talosintel.com/2016/06/the-poisoned-archives.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •