Page 35 of 273 results (0.038 seconds)

CVSS: 4.9EPSS: 0%CPEs: 21EXPL: 0

CVE-2016-5629 – mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU October 2016)

https://notcve.org/view.php?id=CVE-2016-5629

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores, 5.6.32 y versiones anteriores, and 5.7.14 y versiones anteriores permite a administradores remotos afectar la disponibilidad a través de vectores relacionados con Server: Federated. • http://rhn.redhat.com/errata/RHSA-2016-2130.html http://rhn.redhat.com/errata/RHSA-2016-2131.html http://rhn.redhat.com/errata/RHSA-2016-2595.html http://rhn.redhat.com/errata/RHSA-2016-2749.html http://rhn.redhat.com/errata/RHSA-2016-2927.html http://rhn.redhat.com/errata/RHSA-2016-2928.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93668 http://www.securitytracker.com/id/1037050 https://mariadb.co •

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 3

CVE-2016-5425 – Apache Tomcat 8/7/6 (RedHat Based Distros) - Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2016-5425

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. El paquete Tomcat en Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux y posiblemente en otros productos distribuidos por Linux utiliza permisos débiles para /usr/lib/tmpfiles.d/tomcat.conf, lo que permite a usuarios locales obtener privilegios de root aprovechando su pertenencia al grupo tomcat. It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. Apache Tomcat versions 8, 7, and 6 suffer from a privilege escalation vulnerability on RedHat-based distros. • https://www.exploit-db.com/exploits/40488 http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html http://packetstormsecurity.com/files/139041/Apache-Tomcat-8-7-6-Privilege-Escalation.html http://rhn.redhat.com/errata/RHSA-2016-2046.html http://www.openwall.com/lists/oss-security/2016/10/10/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.securityfocus.com/bid/93472 http://www.securitytracker.com/id/1036979&# • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 1%CPEs: 22EXPL: 1

CVE-2016-7163 – openjpeg: Integer overflow in opj_pi_create_decode

https://notcve.org/view.php?id=CVE-2016-7163

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. Desbordamiento de entero en la función opj_pi_create_decode en pi.c en OpenJPEG permite a atacantes remotos ejecutar código arbitrario a través de un archivo JP2 manipulado, lo que desencadena una lectura o escritura fuera de límites. An integer overflow, leading to a heap buffer overflow, was found in OpenJPEG. An attacker could create a crafted JPEG2000 image that, when loaded by an application using openjpeg, could lead to a crash or, potentially, code execution. • http://rhn.redhat.com/errata/RHSA-2017-0559.html http://rhn.redhat.com/errata/RHSA-2017-0838.html http://www.debian.org/security/2016/dsa-3665 http://www.openwall.com/lists/oss-security/2016/09/08/3 http://www.openwall.com/lists/oss-security/2016/09/08/6 http://www.securityfocus.com/bid/92897 https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4 https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24 https://github.com/uclouvain&# • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0

CVE-2016-5403 – Qemu: virtio: unbounded memory allocation on host via guest leading to DoS

https://notcve.org/view.php?id=CVE-2016-5403

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. La función virtqueue_pop en hw/virtio/virtio.c en QEMU permite a administradores locales del SO invitado provocar una denegación de servicio (consumo de memoria y caida del proceso QUEMU) mediante la presentación de solicitudes sin esperar la finalización. Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement results in unbounded memory allocation on the host controlled by the guest. • http://rhn.redhat.com/errata/RHSA-2016-1585.html http://rhn.redhat.com/errata/RHSA-2016-1586.html http://rhn.redhat.com/errata/RHSA-2016-1606.html http://rhn.redhat.com/errata/RHSA-2016-1607.html http://rhn.redhat.com/errata/RHSA-2016-1652.html http://rhn.redhat.com/errata/RHSA-2016-1653.html http://rhn.redhat.com/errata/RHSA-2016-1654.html http://rhn.redhat.com/errata/RHSA-2016-1655.html http://rhn.redhat.com/errata/RHSA-2016-1756.html http://rhn • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.9EPSS: 90%CPEs: 42EXPL: 0

CVE-2016-2775 – bind: Too long query name causes segmentation fault in lwresd

https://notcve.org/view.php?id=CVE-2016-2775

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. ISC BIND 9.x en versiones anteriores a 9.9.9-P2, 9.10.x en versiones anteriores a 9.10.4-P2 y 9.11.x en versiones anteriores a 9.11.0b2, cuando lwresd o la opción nombrada lwres está habilitada, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición larga que utiliza el protocolo ligero de resolución. It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the "lwres" statement in named.conf. • http://www.securityfocus.com/bid/92037 http://www.securitytracker.com/id/1036360 https://access.redhat.com/errata/RHBA-2017:0651 https://access.redhat.com/errata/RHBA-2017:1767 https://access.redhat.com/errata/RHSA-2017:2533 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107 https://kb.isc.org/article/AA-01393/74/CVE-2016-2775 https://kb.isc.org/article/AA-01435 https://kb.isc.org/article/AA-01436 https://kb.isc.org&#x • CWE-20: Improper Input Validation •