Page 33 of 264 results (0.012 seconds)

CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 0

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores, 5.6.32 y versiones anteriores y 5.7.14 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server: Optimizer. • http://rhn.redhat.com/errata/RHSA-2016-2130.html http://rhn.redhat.com/errata/RHSA-2016-2131.html http://rhn.redhat.com/errata/RHSA-2016-2595.html http://rhn.redhat.com/errata/RHSA-2016-2749.html http://rhn.redhat.com/errata/RHSA-2016-2927.html http://rhn.redhat.com/errata/RHSA-2016-2928.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93650 http://www.securitytracker.com/id/1037050 https://mariadb.co •

CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. • http://rhn.redhat.com/errata/RHSA-2016-2130.html http://rhn.redhat.com/errata/RHSA-2016-2131.html http://rhn.redhat.com/errata/RHSA-2016-2595.html http://rhn.redhat.com/errata/RHSA-2016-2927.html http://rhn.redhat.com/errata/RHSA-2016-2928.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93635 http://www.securitytracker.com/id/1037050 https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes https:/& •

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 3

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. El paquete Tomcat en Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux y posiblemente en otros productos distribuidos por Linux utiliza permisos débiles para /usr/lib/tmpfiles.d/tomcat.conf, lo que permite a usuarios locales obtener privilegios de root aprovechando su pertenencia al grupo tomcat. It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. Apache Tomcat versions 8, 7, and 6 suffer from a privilege escalation vulnerability on RedHat-based distros. • https://www.exploit-db.com/exploits/40488 http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html http://packetstormsecurity.com/files/139041/Apache-Tomcat-8-7-6-Privilege-Escalation.html http://rhn.redhat.com/errata/RHSA-2016-2046.html http://www.openwall.com/lists/oss-security/2016/10/10/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.securityfocus.com/bid/93472 http://www.securitytracker.com/id/1036979&# • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 1%CPEs: 22EXPL: 1

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. Desbordamiento de entero en la función opj_pi_create_decode en pi.c en OpenJPEG permite a atacantes remotos ejecutar código arbitrario a través de un archivo JP2 manipulado, lo que desencadena una lectura o escritura fuera de límites. An integer overflow, leading to a heap buffer overflow, was found in OpenJPEG. An attacker could create a crafted JPEG2000 image that, when loaded by an application using openjpeg, could lead to a crash or, potentially, code execution. • http://rhn.redhat.com/errata/RHSA-2017-0559.html http://rhn.redhat.com/errata/RHSA-2017-0838.html http://www.debian.org/security/2016/dsa-3665 http://www.openwall.com/lists/oss-security/2016/09/08/3 http://www.openwall.com/lists/oss-security/2016/09/08/6 http://www.securityfocus.com/bid/92897 https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4 https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24 https://github.com/uclouvain&# • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. La función virtqueue_pop en hw/virtio/virtio.c en QEMU permite a administradores locales del SO invitado provocar una denegación de servicio (consumo de memoria y caida del proceso QUEMU) mediante la presentación de solicitudes sin esperar la finalización. Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement results in unbounded memory allocation on the host controlled by the guest. • http://rhn.redhat.com/errata/RHSA-2016-1585.html http://rhn.redhat.com/errata/RHSA-2016-1586.html http://rhn.redhat.com/errata/RHSA-2016-1606.html http://rhn.redhat.com/errata/RHSA-2016-1607.html http://rhn.redhat.com/errata/RHSA-2016-1652.html http://rhn.redhat.com/errata/RHSA-2016-1653.html http://rhn.redhat.com/errata/RHSA-2016-1654.html http://rhn.redhat.com/errata/RHSA-2016-1655.html http://rhn.redhat.com/errata/RHSA-2016-1756.html http://rhn • CWE-400: Uncontrolled Resource Consumption •