CVE-2016-0676
https://notcve.org/view.php?id=CVE-2016-0676
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel. Vulnerabilidad no especificada en Oracle Sun Solaris 10 permite a usuarios locales afectar a la disponibilidad a través de vectores relacionados con el kernel. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.securitytracker.com/id/1035629 •
CVE-2016-0693
https://notcve.org/view.php?id=CVE-2016-0693
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con el módulo PAM LDAP. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.securitytracker.com/id/1035629 •
CVE-2015-8629 – krb5: xdr_nullstring() doesn't check for terminating null character
https://notcve.org/view.php?id=CVE-2015-8629
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. La función xdr_nullstring en lib/kadm5/kadm_rpc_xdr.c en kadmind in MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.13.4 y 1.14.x en versiones anteriores a 1.14.1 no verifica si existen caracteres '\0' según lo esperado, lo que permite a usuarios remotos autenticados obtener información sensible o causar una denegación de servicio (lectura fuera de rango) a través de una cadena manipulada. An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8341 http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html http://rhn.redhat.com/errata/RHSA-2016-0493.html http://rhn.redhat.com/errata/RHSA-2016-0532.html http://www.debian.org/security/2016/dsa-3466 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2016-0458
https://notcve.org/view.php?id=CVE-2016-0458
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Kernel DAX. Vulnerabilidad no especificada en Oracle Sun Solaris 11 permite a usuarios locales afectar a la disponibilidad a través de vectores relacionados con Kernel DAX. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034735 •
CVE-2016-0618
https://notcve.org/view.php?id=CVE-2016-0618
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones. Vulnerabilidad no especificada en Oracle Sun Solaris 11 permite a usuarios locales afectar a la confidencialidad a través de vectores desconocidos relacionados con Zones. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034735 •