CVE-2016-3110 – mod_cluster: remotely Segfault Apache http server
https://notcve.org/view.php?id=CVE-2016-3110
mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. mod_cluster, tal como se utiliza en Red Hat JBoss Web Server 2.1, permite a atacantes remotos provocar una denegación de servicio (caída del servidor http de Apache) a través de un mensaje MCMP que contiene una serie de caracteres = (iguales) después de un elemento legítimo. It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). • http://rhn.redhat.com/errata/RHSA-2016-1648.html http://rhn.redhat.com/errata/RHSA-2016-1649.html http://rhn.redhat.com/errata/RHSA-2016-1650.html http://rhn.redhat.com/errata/RHSA-2016-2054.html http://rhn.redhat.com/errata/RHSA-2016-2055.html http://rhn.redhat.com/errata/RHSA-2016-2056.html http://www.securityfocus.com/bid/92584 https://bugzilla.redhat.com/show_bug.cgi?id=1326320 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-20: Improper Input Validation •
CVE-2016-5440 – mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016)
https://notcve.org/view.php?id=CVE-2016-5440
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. Vulnerabilidad no especificada en Oracle MySQL 5.5.49 y versiones anteriores, 5.6.30 y versiones anteriores y 5.7.12 y versiones anteriores y MariaDB en versiones anteriores a 5.5.50, 10.0.x en versiones anteriores a 10.0.26 y 10.1.x en versiones anteriores a 10.1.15 permite a administradores remotos afectar la disponibilidad a través de vectores relacionados con Server: RBR. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1601.html http://rhn.redhat.com/errata/RHSA-2016-1602.html http://rhn.redhat.com/errata/RHSA-2016-1603.html http://rhn.redhat.com/errata/RHSA-2016-1604.html http://rhn.redhat.com/errata/RHSA-2016-1637.html http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 http://www.debian.org/security/2016/dsa-3624 •
CVE-2016-3452 – mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU July 2016)
https://notcve.org/view.php?id=CVE-2016-3452
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. Vulnerabilidad no especificada en Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.10 y versiones anteriores y MariaDB en versiones anteriores a 5.5.49, 10.0.x en versiones anteriores a 10.0.25 y 10.1.x en versiones anteriores a 10.1.14 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Server: Security: Encryption. • http://rhn.redhat.com/errata/RHSA-2016-0705.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1481.html http://rhn.redhat.com/errata/RHSA-2016-1602.html http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid •
CVE-2016-5444 – mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016)
https://notcve.org/view.php?id=CVE-2016-5444
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. Vulnerabilidad no especificada en Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores y MariaDB en versiones anteriores a 5.5.49, 10.0.x en versiones anteriores a 10.0.25 y 10.1.x en versiones anteriores a 10.1.14 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Server: Connection. • http://rhn.redhat.com/errata/RHSA-2016-0705.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1481.html http://rhn.redhat.com/errata/RHSA-2016-1602.html http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid •
CVE-2016-3715 – ImageMagick Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2016-3715
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. El codificador EPHEMERAL en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permite a atacantes remotos eliminar archivos arbitrarios a través de una imagen manipulada. It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete arbitrary files. ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading. • https://www.exploit-db.com/exploits/39767 http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html http • CWE-20: Improper Input Validation •