Page 4 of 17 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-2638 – infinispan: auth bypass in REST api

https://notcve.org/view.php?id=CVE-2017-2638

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name. Se ha descubierto que la API REST en Infinispan en versiones anteriores a la 9.0.0 no aplicaba correctamente las restricciones auth. Un atacante podría emplear esta vulnerabilidad para leer o modificar datos en la caché por defecto o un nombre de caché conocido. It was found that the REST API in infinispan did not properly enforce auth constraints. • http://rhn.redhat.com/errata/RHSA-2017-1097.html http://www.securityfocus.com/bid/97964 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638 https://github.com/infinispan/infinispan/pull/4936/commits https://issues.jboss.org/browse/ISPN-7485 https://access.redhat.com/security/cve/CVE-2017-2638 https://bugzilla.redhat.com/show_bug.cgi?id=1428564 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •

CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2016-4970 – netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl

https://notcve.org/view.php?id=CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop). handler/ssl/OpenSslEngine.java en Netty 4.0.x en versiones anteriores a 4.0.37.Final y 4.1.x en versiones anteriores a 4.1.1.Final permite a los atacantes remotos provocar una denegación de servicio (bucle infinito). • http://netty.io/news/2016/06/07/4-0-37-Final.html http://netty.io/news/2016/06/07/4-1-1-Final.html http://rhn.redhat.com/errata/RHSA-2017-0179.html http://rhn.redhat.com/errata/RHSA-2017-1097.html http://www.securityfocus.com/bid/96540 https://bugzilla.redhat.com/show_bug.cgi?id=1343616 https://github.com/netty/netty/pull/5364 https://lists.apache.org/thread.html/afaa5860e3a6d327eb96c3d82cbd2f5996de815a16854ed1ad310144%40%3Ccommits.cassandra.apache.org%3E https://wiki • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •