CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1795 – glusterfs: glusterfs-server %pretrans rpm script temporary file issue
https://notcve.org/view.php?id=CVE-2015-1795
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. Red Hat Gluster Storage Paquete RPM 3.2 permite a los usuarios locales obtener privilegios y ejecutar código arbitrario como root. It was found that glusterfs-server RPM package would write file with predictable name into world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package. • http://rhn.redhat.com/errata/RHSA-2017-0484.html http://rhn.redhat.com/errata/RHSA-2017-0486.html http://www.securityfocus.com/bid/99311 http://www.securitytracker.com/id/1038128 https://bugzilla.redhat.com/show_bug.cgi?id=1200927 https://access.redhat.com/security/cve/CVE-2015-1795 • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-8612 – mod_cluster: Protocol parsing logic error
https://notcve.org/view.php?id=CVE-2016-8612
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. Apache HTTP Server mod_cluster, en versiones anteriores a httpd 2.4.23, es vulnerable a una validación de entradas incorrecta en la lógica de análisis de protocolo en el balanceador de carga, lo que resulta en un fallo de segmentación en el proceso httpd en servicio. An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process. • http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.securityfocus.com/bid/94939 https://access.redhat.com/errata/RHSA-2017:0193 https://access.redhat.com/errata/RHSA-2017:0194 https://bugzilla.redhat.com/show_bug.cgi?id=1387605 https://security.netapp.com/advisory/ntap-20180601-0005 https://access.redhat.com/security/cve/CVE-2016-8612 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 62EXPL: 0CVE-2016-9841 – zlib: Out-of-bounds pointer arithmetic in inffast.c
https://notcve.org/view.php?id=CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritmética de puntero incorrecta.. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus •
CVSS: 7.5EPSS: 87%CPEs: 45EXPL: 0CVE-2016-9131 – bind: assertion failure while processing response to an ANY query
https://notcve.org/view.php?id=CVE-2016-9131
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P5, 9.10.x en versiones anteriores a 9.10.4-P5 y 9.11.x en versiones anteriores a 9.11.0-P2 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una respuesta mal formada a una query RTYPE ANY. A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. • http://rhn.redhat.com/errata/RHSA-2017-0062.html http://www.debian.org/security/2017/dsa-3758 http://www.securityfocus.com/bid/95386 http://www.securitytracker.com/id/1037582 https://access.redhat.com/errata/RHSA-2017:1583 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687 https://kb.isc.org/article/AA-01439/74/CVE-2016-9131 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180926-0005 https: • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2016-2125 – samba: Unconditional privilege delegation to Kerberos servers in trusted realms
https://notcve.org/view.php?id=CVE-2016-2125
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. Se ha descubierto que Samba, en versiones anteriores a la 4.5.3, 4.4.8 y 4.3.13, siempre solicitaba tickets que podían reenviarse al emplear la autenticación de Kerberos. Un servicio al que Samba se ha autenticado con Kerberos podría emplear el ticket para suplantar Samba con otros usuarios de servicios o dominios. It was found that Samba always requested forwardable tickets when using Kerberos authentication. • http://rhn.redhat.com/errata/RHSA-2017-0494.html http://rhn.redhat.com/errata/RHSA-2017-0495.html http://rhn.redhat.com/errata/RHSA-2017-0662.html http://rhn.redhat.com/errata/RHSA-2017-0744.html http://www.securityfocus.com/bid/94988 http://www.securitytracker.com/id/1037494 https://access.redhat.com/errata/RHSA-2017:1265 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125 https://www.samba.org/samba/security/CVE-2016-2125.html https://access.redhat.c • CWE-20: Improper Input Validation CWE-287: Improper Authentication •