CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3099 – mod_nss: Invalid handling of +CIPHER operator
https://notcve.org/view.php?id=CVE-2016-3099
mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled. mod_ns en Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7, permite a atacantes remotos forzar el uso de cifrados que no estaban destinados a ser habilitados. A flaw was found in the way mod_nss parsed certain OpenSSL-style cipher strings. As a result, mod_nss could potentially use ciphers that were not intended to be enabled. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183102.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183129.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184345.html http://rhn.redhat.com/errata/RHSA-2016-2602.html https://bugzilla.redhat.com/show_bug.cgi?id=1319052 https://access.redhat.com/security/cve/CVE-2016-3099 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-392: Missing Report of Error Condition •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5410 – firewalld: Firewall configuration can be modified by any logged in user
https://notcve.org/view.php?id=CVE-2016-5410
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. firewalld.py en firewalld en versiones anteriores a 0.4.3.3 permite a usuarios locales eludir la autenticación y modificar las configuraciones del firewall a través de (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry o (5) setEntries D-Bus API method. A flaw was found in the way firewalld allowed certain firewall configurations to be modified by unauthenticated users. Any locally logged in user could use this flaw to tamper or change firewall settings. • http://rhn.redhat.com/errata/RHSA-2016-2597.html http://www.firewalld.org/2016/08/firewalld-0-4-3-3-release http://www.openwall.com/lists/oss-security/2016/08/16/3 http://www.securityfocus.com/bid/92481 https://bugzilla.redhat.com/show_bug.cgi?id=1360135 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPM3GUQRU2KPRXDEQLAMCDQEAIARJSBT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBJMYLGRVKIPJEI3VZJ4WQZT7FBQ5BKO • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2016-6489 – nettle: RSA/DSA code is vulnerable to cache-timing related attacks
https://notcve.org/view.php?id=CVE-2016-6489
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. El código de descifrado RSA y DSA en Nettle facilita a los atacantes cubrir las claves privadas a través de un ataque de canal secundario de caché. It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. • http://rhn.redhat.com/errata/RHSA-2016-2582.html http://www.openwall.com/lists/oss-security/2016/07/29/7 http://www.ubuntu.com/usn/USN-3193-1 https://bugzilla.redhat.com/show_bug.cgi?id=1362016 https://eprint.iacr.org/2016/596.pdf https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3 https://security.gentoo.org/glsa/201706-21 https://www.oracle.com/security-alerts/cpuapr2020.html https://access.redhat.com/security/cve/CVE-2016-6489 • CWE-203: Observable Discrepancy •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0764 – NetworkManager: Race condition allowing info leak
https://notcve.org/view.php?id=CVE-2016-0764
Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. Una condición de carrera en Network Manager anterior a versión 1.0.12 como empaquetado en Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7 y Red Hat Enterprise Linux Workstation 7, permite a los usuarios locales obtener información de conexión confidencial mediante la lectura de archivos temporales durante cambios de ifcfg y keyfile. A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys. • http://rhn.redhat.com/errata/RHSA-2016-2581.html https://bugzilla.redhat.com/show_bug.cgi?id=1324025 https://access.redhat.com/security/cve/CVE-2016-0764 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 2CVE-2016-7796 – systemd: freeze when PID 1 receives a zero-length message over notify socket
https://notcve.org/view.php?id=CVE-2016-7796
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. La función manager_dispatch_notify_fd en systemd permite a usuarios locales provocar una denegación de servicio (colgado de sistema) a través de un mensaje de longitud cero recibido sobre una notificación de encaje, lo que provoca que se devuelva un error y que el controlador de notificación se desactive. A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd. • http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00016.html http://rhn.redhat.com/errata/RHSA-2017-0003.html http://www.openwall.com/lists/oss-security/2016/09/30/1 http://www.securityfocus.com/bid/93250 http://www.securitytracker.com/id/1037320 https://bugzilla.redhat.com/show_bug.cgi?id=1381911 https://github.com/systemd/systemd/issues/4234#issuecomment-250441246 https://rhn.redhat.com/e • CWE-20: Improper Input Validation CWE-253: Incorrect Check of Function Return Value •