CVSS: 6.5EPSS: 0%CPEs: 74EXPL: 0CVE-2016-1280
https://notcve.org/view.php?id=CVE-2016-1280
PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R7, 15.1 before 15.1R4, 15.1X49 before 15.1X49-D20, 15.1X53 before 15.1X53-D60, and 16.1 before 16.1R1 allow remote attackers to bypass an intended certificate validation mechanism via a self-signed certificate with an Issuer name that matches a valid CA certificate enrolled in Junos. PKId en Juniper Junos OS en versiones anteriores a 12.1X44-D52, 12.1X46 en versiones anteriores a 12.1X46-D37, 12.1X47 en versiones anteriores a 12.1X47-D30, 12.3 en versiones anteriores a 12.3R12, 12.3X48 en versiones anteriores a 12.3X48-D20, 13.3 en versiones anteriores a 13.3R10, 14.1 en versiones anteriores a 14.1R8, 14.1X53 en versiones anteriores a 14.1X53-D40, 14.2 en versiones anteriores a 14.2R7, 15.1 en versiones anteriores a 15.1R4, 15.1X49 en versiones anteriores a 15.1X49-D20, 15.1X53 en versiones anteriores a 15.1X53-D60 y 16.1 en versiones anteriores a 16.1R1 permiten a atacantes remotos eludir mecanismos destinados a la validación de certificados a través de un certificado auto-firmado con un nombre Issuer que concuerda con un certificado CA válido inscrito en Junos. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755 http://www.securityfocus.com/bid/91761 http://www.securitytracker.com/id/1036303 • CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 6.7EPSS: 0%CPEs: 68EXPL: 0CVE-2016-1267
https://notcve.org/view.php?id=CVE-2016-1267
Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R3-S4, 15.1 before 15.1F2, or 15.1R2, 15.1X49 before 15.1X49-D20, and 16.1 before 16.1R1 allows local users to read, delete, or modify arbitrary files via unspecified vectors. Condición de carrera en la funcionalidad RPC en Juniper Junos OS en versiones anteriores a 12.1X44-D55, 12.1X46 en versiones anteriores a 12.1X46-D40, 12.1X47 en versiones anteriores a 12.1X47-D25, 12.3 en versiones anteriores a 12.3R11, 12.3X48 en versiones anteriores a 12.3X48-D20, 13.2 en versiones anteriores a 13.2R8, 13.2X51 en versiones anteriores a 13.2X51-D39, 13.3 en versiones anteriores a 13.3R7, 14.1 en versiones anteriores a 14.1R6, 14.1X53 en versiones anteriores a 14.1X53-D30, 14.2 en versiones anteriores a 14.2R3-S4, 15.1 en versiones anteriores a 15.1F2 o 15.1R2, 15.1X49 en versiones anteriores a 15.1X49-D20 y 16.1 en versiones anteriores a 16.1R1 permite a usuarios locales leer, eliminar o modificar archivos arbitrarios a través de vectores no especificados. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10730 http://www.securitytracker.com/id/1035668 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 79EXPL: 0CVE-2016-1264
https://notcve.org/view.php?id=CVE-2016-1264
Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X50-D50, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.2X52 before 13.2X52-D30, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4, 15.1 before 15.1F2 or 15.1R2, 15.1X49 before 15.1X49-D10 or 15.1X49-D20, and 16.1 before 16.1R1 allows remote authenticated users to gain privileges via the URL option. Condición de carrera en el comando Op en Juniper Junos OS en versiones anteriores a 12.1X44-D55, 12.1X46 en versiones anteriores a 12.1X46-D40, 12.1X47 en versiones anteriores a 12.1X47-D25, 12.3 en versiones anteriores a 12.3R11, 12.3X48 en versiones anteriores a 12.3X48-D20, 12.3X50 en versiones anteriores a 12.3X50-D50, 13.2 en versiones anteriores a 13.2R8, 13.2X51 en versiones anteriores a 13.2X51-D39, 13.2X52 en versiones anteriores a 13.2X52-D30, 13.3 en versiones anteriores a 13.3R7, 14.1 en versiones anteriores a 14.1R6, 14.1X53 en versiones anteriores a 14.1X53-D30, 14.2 en versiones anteriores a 14.2R4, 15.1 en versiones anteriores a 15.1F2 o 15.1R2, 15.1X49 en versiones anteriores a 15.1X49-D10 o 15.1X49-D20 y 16.1 en versiones anteriores a 16.1R1 permite a usuarios remotos autenticados obtener privilegios a través de la opción URL. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10725 http://www.securitytracker.com/id/1035669 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.6EPSS: 73%CPEs: 228EXPL: 0CVE-2016-1286 – bind: malformed signature records for DNAME records can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1286
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro de firma manipulado para un registro DNAME, relacionada con db.c y resolver.c. A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html http://lists.opensuse.org/opensuse- • CWE-617: Reachable Assertion •
CVSS: 6.8EPSS: 17%CPEs: 228EXPL: 0CVE-2016-1285 – bind: malformed packet sent to rndc can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1285
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 no maneja adecuadamente los archivos DNAME cuando analiza gramaticalmente la recuperación de mensajes contestados, lo que permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un paquete mal formado en la interfaz rndc (también conocido como canal de control), relacionado con alist.c y sexpr.c. A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html http://lists.opensuse.org/opensuse- • CWE-617: Reachable Assertion •