CVSS: 10.0EPSS: 2%CPEs: 42EXPL: 0CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
27 May 2016 — Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an atta... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2016-4805 – Ubuntu Security Notice USN-3021-2
https://notcve.org/view.php?id=CVE-2016-4805
23 May 2016 — Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. Vulnerabilidad de uso después de liberación de memoria en drivers/net/ppp/ppp_generic.c en el kernel de Linux en versiones anteriores a 4.5.2 permite a usuarios local... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3072 – Katello: Authenticated sql injection via sort_by and sort_order request parameter
https://notcve.org/view.php?id=CVE-2016-3072
17 May 2016 — Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter. Múltiples vulnerabilidades de inyección SQL en la función scoped_search en app/controllers/katello/api/v2/api_controller.rb en Katello permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de parámetro (1) sort_by o (2) sort_order. An ... • https://access.redhat.com/errata/RHSA-2016:1083 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2015-1350 – Ubuntu Security Notice USN-4904-1
https://notcve.org/view.php?id=CVE-2015-1350
02 May 2016 — The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. El subsistema VFS en el kernel de Linux 3.x provee un conjunto incompleto de requerimientos para operaciones setattr que subesp... • http://marc.info/?l=linux-kernel&m=142153722930533&w=2 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2016-0640 – mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
https://notcve.org/view.php?id=CVE-2016-0640
21 Apr 2016 — Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL 5.5.47 y versiones anteriores, 5.6.28 y versiones anteriores y 5.7.10 y versiones anteriores y MariaDB en versiones anteriores a 5.5.48, 10.0.x en versiones anteriores a 10.0.24 y 10.1.x en versiones ... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2016-0647 – mysql: unspecified vulnerability in subcomponent: Server: FTS (CPU April 2016)
https://notcve.org/view.php?id=CVE-2016-0647
21 Apr 2016 — Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS. Vulnerabilidad no especificada en Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores y MariaDB en versiones anteriores a 5.5.49, 10.0.x en versiones anteriores a 10.0.25 y 10.1.x en versiones anteriores a 1... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html •
CVSS: 5.1EPSS: 0%CPEs: 13EXPL: 0CVE-2016-0641 – mysql: unspecified vulnerability in subcomponent: Server: MyISAM (CPU April 2016)
https://notcve.org/view.php?id=CVE-2016-0641
21 Apr 2016 — Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM. Vulnerabilidad no especificada en Oracle MySQL 5.5.47 y versiones anteriores, 5.6.28 y versiones anteriores y 5.7.10 y versiones anteriores y MariaDB en versiones anteriores a 5.5.48, 10.0.x en versiones anteriores a 10.0.24 y 10.1.x en v... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html •
CVSS: 10.0EPSS: 17%CPEs: 4EXPL: 0CVE-2016-0639 – mysql: unspecified vulnerability in subcomponent: Server: Pluggable Authentication (CPU April 2016)
https://notcve.org/view.php?id=CVE-2016-0639
21 Apr 2016 — Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. Vulnerabilidad no especificada en Oracle MySQL 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores permite atacantes remotos afectar a la confidencialidad, integridad y confidencialidad a través de vectores relacionados con Pluggable Authentication. Multiple security issues were discovered... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2016-0666 – mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU April 2016)
https://notcve.org/view.php?id=CVE-2016-0666
21 Apr 2016 — Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges. Vulnerabilidad no especificada en Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores y MariaDB en versiones anteriores a 5.5.49, 10.0.x en versiones anteriores a 10.0.25 y 10.1.x en version... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2016-0650 – mysql: unspecified vulnerability in subcomponent: Server: Replication (CPU April 2016)
https://notcve.org/view.php?id=CVE-2016-0650
21 Apr 2016 — Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication. Vulnerabilidad no especificada en Oracle MySQL 5.5.47 y versiones anteriores, 5.6.28 y versiones anteriores y 5.7.10 y versiones anteriores y MariaDB en versiones anteriores a 5.5.48, 10.0.x en versiones anteriores a 10.0.24 y 10.1.x en versiones anteri... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html •