CVE-2016-5612 – mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5612
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL 5.5.50 y versiones anteriores, 5.6.31 y versiones anteriores y 5.7.13 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. • http://rhn.redhat.com/errata/RHSA-2016-1601.html http://rhn.redhat.com/errata/RHSA-2016-2130.html http://rhn.redhat.com/errata/RHSA-2016-2131.html http://rhn.redhat.com/errata/RHSA-2016-2595.html http://rhn.redhat.com/errata/RHSA-2016-2927.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93630 http://www.securitytracker.com/id/1037050 https://security.gentoo.org/glsa/201701-01 https://access.redhat.com •
CVE-2016-3492 – mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-3492
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores, 5.6.32 y versiones anteriores y 5.7.14 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server: Optimizer. • http://rhn.redhat.com/errata/RHSA-2016-2130.html http://rhn.redhat.com/errata/RHSA-2016-2131.html http://rhn.redhat.com/errata/RHSA-2016-2595.html http://rhn.redhat.com/errata/RHSA-2016-2749.html http://rhn.redhat.com/errata/RHSA-2016-2927.html http://rhn.redhat.com/errata/RHSA-2016-2928.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93650 http://www.securitytracker.com/id/1037050 https://mariadb.co •
CVE-2016-5624 – mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5624
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. • http://rhn.redhat.com/errata/RHSA-2016-2130.html http://rhn.redhat.com/errata/RHSA-2016-2131.html http://rhn.redhat.com/errata/RHSA-2016-2595.html http://rhn.redhat.com/errata/RHSA-2016-2927.html http://rhn.redhat.com/errata/RHSA-2016-2928.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93635 http://www.securitytracker.com/id/1037050 https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes https:/& •
CVE-2016-5425 – Apache Tomcat 8/7/6 (RedHat Based Distros) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-5425
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. El paquete Tomcat en Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux y posiblemente en otros productos distribuidos por Linux utiliza permisos débiles para /usr/lib/tmpfiles.d/tomcat.conf, lo que permite a usuarios locales obtener privilegios de root aprovechando su pertenencia al grupo tomcat. It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. Apache Tomcat versions 8, 7, and 6 suffer from a privilege escalation vulnerability on RedHat-based distros. • https://www.exploit-db.com/exploits/40488 http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html http://packetstormsecurity.com/files/139041/Apache-Tomcat-8-7-6-Privilege-Escalation.html http://rhn.redhat.com/errata/RHSA-2016-2046.html http://www.openwall.com/lists/oss-security/2016/10/10/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.securityfocus.com/bid/93472 http://www.securitytracker.com/id/1036979 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVE-2016-7163 – openjpeg: Integer overflow in opj_pi_create_decode
https://notcve.org/view.php?id=CVE-2016-7163
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. Desbordamiento de entero en la función opj_pi_create_decode en pi.c en OpenJPEG permite a atacantes remotos ejecutar código arbitrario a través de un archivo JP2 manipulado, lo que desencadena una lectura o escritura fuera de límites. An integer overflow, leading to a heap buffer overflow, was found in OpenJPEG. An attacker could create a crafted JPEG2000 image that, when loaded by an application using openjpeg, could lead to a crash or, potentially, code execution. • http://rhn.redhat.com/errata/RHSA-2017-0559.html http://rhn.redhat.com/errata/RHSA-2017-0838.html http://www.debian.org/security/2016/dsa-3665 http://www.openwall.com/lists/oss-security/2016/09/08/3 http://www.openwall.com/lists/oss-security/2016/09/08/6 http://www.securityfocus.com/bid/92897 https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4 https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24 https://github.com/uclouvain • CWE-190: Integer Overflow or Wraparound •