Page 38 of 278 results (0.010 seconds)

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

CVE-2014-5009 – snoopy: incomplete fixes for command execution flaws

https://notcve.org/view.php?id=CVE-2014-5009

Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. Snoopy permite a atacantes remotos ejecutar comandos arbitrarios. NOTA: esta vulnerabilidad existe debido a una corrección incompleta para CVE-2014-5008. Various command-execution flaws were found in the Snoopy library included with Nagios. • http://rhn.redhat.com/errata/RHSA-2017-0211.html http://rhn.redhat.com/errata/RHSA-2017-0212.html http://rhn.redhat.com/errata/RHSA-2017-0213.html http://rhn.redhat.com/errata/RHSA-2017-0214.html http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?r1=1.28&r2=1.29 http://www.openwall.com/lists/oss-security/2014/07/09/11 http://www.openwall.com/lists/oss-security/2014/07/16/10 http://www.openwall.com/lists/oss-security/2014/07/18 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

CVE-2008-7313 – snoopy: incomplete fixes for command execution flaws

https://notcve.org/view.php?id=CVE-2008-7313

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. La función _httpsrequest en Snoopy permite a atacantes remotos ejecutar comandos arbitrarios. NOTA: este problema existe debido a una solución incompleta para CVE-2008-4796. Various command-execution flaws were found in the Snoopy library included with Nagios. • http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27 http://www.openwall.com/lists/oss-security/2014/07/09/11 http://www.openwall.com/lists/oss-security/2014/07/16/10 http://www.openwall.com/lists/oss-security/2014/07/18/2 http://www.securityfocus.com/bid/68776 https://bugzilla.redhat.com/show_bug.cgi?id=1121497 https://exchange.xforce.ibmcloud.com/vulnerabilities/94737 https://rhn.redhat.com/errata/RHSA-2017-0211.html https:/ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2016-9590 – puppet-swift: installs config file with world readable permissions

https://notcve.org/view.php?id=CVE-2016-9590

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. puppet-swift en versiones anteriores a la 8.2.1 y 9.4.4 es vulnerable a la divulgación de información en la instalación de Object Storage (swift) de Red Hat OpenStack Platform director. Durante la instalación, el script Puppet responsable de desplegar el servicio elimina y recrea incorrectamente el archivo proxy-server.conf con permisos de lectura globales. An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. • http://rhn.redhat.com/errata/RHSA-2017-0200.html http://rhn.redhat.com/errata/RHSA-2017-0359.html http://rhn.redhat.com/errata/RHSA-2017-0361.html http://www.securityfocus.com/bid/95448 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590 https://access.redhat.com/security/cve/CVE-2016-9590 https://bugzilla.redhat.com/show_bug.cgi?id=1410293 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 1

CVE-2016-9587 – Ansible 2.1.4/2.2.1 - Command Execution

https://notcve.org/view.php?id=CVE-2016-9587

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. Ansible, en versiones anteriores a la 2.1.4 y la 2.2.1, es vulnerable a una validación de entradas incorrecta en la gestión de Ansible de datos enviados desde los sistemas de clientes. Un atacante que tenga el control de un sistema de cliente gestionado por Ansible y la capacidad de enviar hechos de vuelta al servidor de Ansible podría usar este error para ejecutar código arbitrario en el servidor de Ansible utilizando los privilegios del servidor de Ansible. An input validation vulnerability was found in Ansible's handling of data sent from client systems. • https://www.exploit-db.com/exploits/41013 http://rhn.redhat.com/errata/RHSA-2017-0195.html http://rhn.redhat.com/errata/RHSA-2017-0260.html http://www.securityfocus.com/bid/95352 https://access.redhat.com/errata/RHSA-2017:0448 https://access.redhat.com/errata/RHSA-2017:0515 https://access.redhat.com/errata/RHSA-2017:1685 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587 https://security.gentoo.org/glsa/201701-77 https://access.redhat.com/security/cve/C • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-9599 – puppet-tripleo: if ssl is enabled, traffic is open on both undercloud and overcloud

https://notcve.org/view.php?id=CVE-2016-9599

puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources. puppet-tripleo, en versiones anteriores a la 5.5.0 y la 6.2.0, es vulnerable a un error de control de acceso en la gestión de reglas IPtables, que permite la creación de reglas TCP/UDP con valores de puerto vacíos. Si SSL está habilitado, un usuario malicioso podría emplear estos puertos abiertos para obtener acceso a recursos no autorizados. • http://rhn.redhat.com/errata/RHSA-2017-0025.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9599 https://access.redhat.com/security/cve/CVE-2016-9599 https://bugzilla.redhat.com/show_bug.cgi?id=1409687 • CWE-284: Improper Access Control •