Page 38 of 264 results (0.022 seconds)

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

CVE-2015-7529 – sos: Usage of predictable temporary files allows privilege escalation

https://notcve.org/view.php?id=CVE-2015-7529

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. sosreport en las versiones 3.x de SoS permite que usuarios locales ibtengan información sensible de archivos sosreport u obtener privilegios mediante un ataque de vínculo simbólico o un archivo de archivado en un directorio temporal. Esto lo demuestra sosreport-$hostname-$date.tar en /tmp/sosreport-$hostname-$date. An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system. • http://rhn.redhat.com/errata/RHSA-2016-0152.html http://rhn.redhat.com/errata/RHSA-2016-0188.html http://www.securityfocus.com/bid/83162 http://www.ubuntu.com/usn/USN-2845-1 https://access.redhat.com/errata/RHSA-2016:0152 https://access.redhat.com/errata/RHSA-2016:0188 https://bugzilla.redhat.com/show_bug.cgi?id=1282542 https://github.com/sosreport/sos/issues/696 https://access.redhat.com/security/cve/CVE-2015-7529 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •

CVSS: 9.8EPSS: 2%CPEs: 24EXPL: 0

CVE-2015-8391 – pcre: inefficient posix character class syntax check (8.38/16)

https://notcve.org/view.php?id=CVE-2015-8391

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. La función pcre_compile en pcre_compile.c en PCRE en versiones anteriores a 8.38 no maneja correctamente cierta anidación [: , lo que permite a atacantes remotos causar una denegación de servicio (consumo de CPU) o posiblemente tener otro impacto no especificado a través de una expresión regular manipulada, según lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html http://rhn.redhat.com/errata/RHSA-2016-1025.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 http://www.openwall.com/lists/oss-security/2015/11/29/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/82990 https:&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-407: Inefficient Algorithmic Complexity •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

CVE-2015-3276 – openldap: incorrect multi-keyword mode cipherstring parsing

https://notcve.org/view.php?id=CVE-2015-3276

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. La función nss_parse_ciphers en libraries/libldap/tls_m.c en OpenLDAP no analiza adecuadamente cadenas de cifrado en modo multiclave de estilo OpenSSL, lo que podría provocar el uso de un cifrado más débil que el previsto y permitir a atacantes remotos tener un impacto no especificado a través de vectores desconocidos. A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. • http://rhn.redhat.com/errata/RHSA-2015-2131.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securitytracker.com/id/1034221 https://bugzilla.redhat.com/show_bug.cgi?id=1238322 https://access.redhat.com/security/cve/CVE-2015-3276 • CWE-682: Incorrect Calculation •

CVSS: 7.5EPSS: 2%CPEs: 62EXPL: 0

CVE-2015-8126 – libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions

https://notcve.org/view.php?id=CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Múltiples desbordamientos de buffer en las funciones (1) png_set_PLTE y (2) png_get_PLTE en libpng en versiones anteriores a 1.0.64, 1.1.x y 1.2.x en versiones anteriores a 1.2.54, 1.3.x y 1.4.x en versiones anteriores a 1.4.17, 1.5.x en versiones anteriores a 1.5.24 y 1.6.x en versiones anteriores a 1.6.19 permiten a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto no especificado a través de un valor bit-depth pequeño en un fragmento IHDR (también conocido como image header) en una imagen PNG. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html http://lists.fedoraproject.org/pipermail • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 4.0EPSS: 0%CPEs: 34EXPL: 0

CVE-2015-4858 – mysql: unspecified vulnerability related to Server:DML (CPU October 2015)

https://notcve.org/view.php?id=CVE-2015-4858

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores relacionados con DML, una vulnerabilidad diferente a CVE-2015-4913. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http://rhn.redhat.com/errata/RHSA-2016-0705.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1481&# •