CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4007
https://notcve.org/view.php?id=CVE-2016-4007
Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options." Múltiples vulnerabilidades no especificadas en el paquete obs-service-extract_file en versiones anteriores a 0.3-5.1 en openSUSE Leap 42.1 y en versiones anteriores a 0.3-3.1 en openSUSE 13.2 permite a atacantes ejecutar comandos arbitrarios a través de una definición de servicio, relacionado con la ejecución de unzip con "opciones ilegales". • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00019.html https://build.opensuse.org/request/show/361096 •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2015-5969
https://notcve.org/view.php?id=CVE-2015-5969
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments. La secuencia de comandos mysql-systemd-helper en el paquete mysql-community-server en versiones anteriores a 5.6.28-2.17.1 en openSUSE 13.2 y en versiones anteriores a 5.6.28-13.1 en openSUSE Leap 42.1 y el paquete mariadb en versiones anteriores a 10.0.22-2.21.2 en openSUSE 13.2 y en versiones anteriores a 10.0.22-3.1 en SUSE Linux Enterprise (SLE) 12.1 y openSUSE Leap 42.1 permite a usuarios locales descubrir las credenciales de la base de datos listando un proceso y sus argumentos. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html https://bugzilla.suse.com/957174 https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-2774
https://notcve.org/view.php?id=CVE-2015-2774
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). Erlang/OTP en versiones anteriores a 18.0-rc1 no comprueba correctamente los bytes de relleno CBC cuando finaliza las conexiones, lo que hace más fácil para atacantes man-in-the-middle obtener datos en texto plano a través de un ataque padding-oracle, una variante de CVE-2014-3566 (también conocida como POODLE). • http://lists.opensuse.org/opensuse-updates/2016-02/msg00124.html http://openwall.com/lists/oss-security/2015/03/27/6 http://openwall.com/lists/oss-security/2015/03/27/9 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/73398 https://usn.ubuntu.com/3571-1 https://web.archive.org/web/20150905124006/http://www.erlang.org/news/85 https://www.imperialviolet.org/2014/12/08/poodleagain.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3125
https://notcve.org/view.php?id=CVE-2016-3125
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. El módulo mod_tls en ProFTPD en versiones anteriores a 1.3.5b y 1.3.6 en versiones anteriores a 1.3.6rc2 no maneja correctamente la directiva TLSDHParamFile, lo cual puede causar que se utilice una clave Diffie-Hellman (DH) más débil de lo deseado y como consecuencia permitir a atacantes tener un impacto no especificado a través de vectores desconocidos. • http://bugs.proftpd.org/show_bug.cgi?id=4230 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179109.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179143.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179905.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00080.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00045.html http://proftpd.org/docs/NEWS-1.3.5b http://proftpd.org/docs/NEWS-1.3.6r • CWE-254: 7PK - Security Features CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 2%CPEs: 8EXPL: 1CVE-2016-2191
https://notcve.org/view.php?id=CVE-2016-2191
The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image. La función bmp_read_rows en pngxtern/pngxrbmp.c en OptiPNG en versiones anteriores a 0.7.6 permite a atacantes remotos provocar una denegación de servicio (escritura de memoria inválida y caída) a través de una serie de escapes delta en una imagen BMP manipulada. • http://lists.opensuse.org/opensuse-updates/2016-04/msg00061.html http://lists.opensuse.org/opensuse-updates/2016-04/msg00065.html http://packetstormsecurity.com/files/136553/Optipng-Invalid-Write.html http://seclists.org/fulldisclosure/2016/Apr/15 http://www.debian.org/security/2016/dsa-3546 http://www.openwall.com/lists/oss-security/2016/04/04/2 http://www.securityfocus.com/archive/1/537972/100/0/threaded http://www.ubuntu.com/usn/USN-2951-1 https://security.gentoo.org&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •