Page 5 of 257 results (0.009 seconds)

CVSS: 10.0EPSS: 49%CPEs: 81EXPL: 0

CVE-2016-3427 – Oracle Java SE and JRockit Unspecified Vulnerability

https://notcve.org/view.php?id=CVE-2016-3427

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Vulnerabilidad no especificada en Oracle Java SE 6u113, 7u99 y 8u77; Java SE Embedded 8u77; y JRockit R28.3.9 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JMX. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-05 •

CVSS: 8.8EPSS: 3%CPEs: 11EXPL: 0

CVE-2016-3630

https://notcve.org/view.php?id=CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. El decodificador delta binario en Mercurial en versiones anteriores a 3.7.3 permite a atacantes remotos ejecutar código arbitrario a través de un comando (1) clone, (2) push o (3) pull, relacionado con (a) un error de redondeo del tamaño de lista y (b) registros cortos. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html http://www.debian.org/security/2016/dsa-3542 http • CWE-19: Data Processing Errors •

CVSS: 8.8EPSS: 5%CPEs: 18EXPL: 0

CVE-2016-3068 – mercurial: command injection via git subrepository urls

https://notcve.org/view.php?id=CVE-2016-3068

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. Mercurial en versiones anteriores a 3.7.3 permite a atacantes remotos ejecutar código arbitrario a través de una URL git ext:: manipulada cuando se clona un subrepositorio. It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html http://rhn.redhat.com/errata/RHSA-2016-0706.html&# • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.8EPSS: 4%CPEs: 18EXPL: 0

CVE-2016-3069 – mercurial: convert extension command injection via git repository names

https://notcve.org/view.php?id=CVE-2016-3069

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. Mercurial en versiones anteriores a 3.7.3 permite a atacantes remotos ejecutar código arbitrario a través de un nombre manipulado cuando se convierte un repositorio Git. It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181505.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181542.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00043.html http://rhn.redhat.com/errata/RHSA-2016-0706.html&# • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 10.0EPSS: 14%CPEs: 10EXPL: 0

CVE-2016-2315 – git: path_name() integer truncation and overflow leading to buffer overflow

https://notcve.org/view.php?id=CVE-2016-2315

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. revision.c en git en versiones anteriores a 2.7.4 utiliza un tipo de datos de entero incorrecto, lo que permite a atacantes remotos ejecutar código arbitrario a través de un (1) nombre de archivo grande o (2) muchos árboles anidados, dando lugar a un desbordamiento de buffer basado en memoria dinámica. An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html http://lists.opensuse.org/opensuse-security-announce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-194: Unexpected Sign Extension •