CVE-2015-1854 – 389-ds-base: access control bypass with modrdn
https://notcve.org/view.php?id=CVE-2015-1854
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.

A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server.

• http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html
• http://www.securityfocus.com/bid/74392
• https://access.redhat.com/errata/RHSA-2015:0895
• https://bugzilla.redhat.com/show_bug.cgi?id=1209573
• https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html
• https://access.redhat.com/security/cve/CVE-2015-1854

• CWE-284: Improper Access Control
• CWE-863: Incorrect Authorization

CVE-2015-5705
https://notcve.org/view.php?id=CVE-2015-5705
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

• http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html
• http://www.openwall.com/lists/oss-security/2015/08/01/7
• https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260
• https://bugzilla.redhat.com/show_bug.cgi?id=1249645

• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2015-1783
https://notcve.org/view.php?id=CVE-2015-1783
The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.

• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154321.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154355.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155382.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1199925
• https://repos.entrouvert.org/lasso.git/commit/lasso/xml?id=6d854cef4211cdcdbc7446c978f23ab859847cdd

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2015-6816
https://notcve.org/view.php?id=CVE-2015-6816
ganglia-web before 3.7.1 allows remote attackers to bypass authentication.

• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170362.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169641.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169788.html
• http://www.openwall.com/lists/oss-security/2015/09/05/6
• http://www.securityfocus.com/bid/92146
• https://bugzilla.redhat.com/show_bug.cgi?id=1260562
• https://github.com/ganglia/ganglia-web/issues/267
• https://www.freshports.org/sysutils/ganglia-webfronten

• CWE-287: Improper Authentication

CVE-2016-2173
https://notcve.org/view.php?id=CVE-2016-2173
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.

• https://github.com/HaToan/CVE-2016-2173
• http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1326205
• https://pivotal.io/security/cve-2016-2173

• CWE-20: Improper Input Validation