CVSS: 9.8EPSS: 3%CPEs: 16EXPL: 0CVE-2017-7481 – ansible: Security issue with lookup return not tainting the jinja2 environment
https://notcve.org/view.php?id=CVE-2017-7481
18 May 2017 — Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. Ansible en versiones anteriores a la 2.3.1.0 y 2.4.0.0 no marca correctamente los resultados del plugin lookup como no seguros. Si un atacante pudiese c... • http://www.securityfocus.com/bid/98492 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-6485 – glibc: Integer overflow in posix_memalign in memalign functions
https://notcve.org/view.php?id=CVE-2018-6485
03 Apr 2017 — An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. Un desbordamiento de enteros en la implementación de posix_memalign en las funciones memalign en GNU C Library (también conocido como glibc o libc6) en versiones 2.26 y anteriores podría provocar que estas funciones devuelvan un puntero a un áre... • http://bugs.debian.org/878159 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 19%CPEs: 62EXPL: 0CVE-2016-9841 – zlib: Out-of-bounds pointer arithmetic in inffast.c
https://notcve.org/view.php?id=CVE-2016-9841
23 Jan 2017 — inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritmética de puntero incorrecta.. It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. It was d... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-7062 – rhscon-ceph: password leak by command line parameter
https://notcve.org/view.php?id=CVE-2016-7062
19 Oct 2016 — rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. rhscon-ceph en Red Hat Storage Console 2 x86_64 y Red Hat Storage Console Node 2 x86_64 permite a los usuarios locales obtener la contraseña como texto sin cifrar. A flaw was found in the way authentication details were passed between rhscon-ceph and rhscon-core. An authenticated, local attacker could use this flaw to recover the cleartext password. Red Hat Storag... • http://www.securityfocus.com/bid/93796 • CWE-214: Invocation of Process Using Visible Sensitive Information CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 93%CPEs: 81EXPL: 0CVE-2016-3427 – Oracle Java SE and JRockit Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2016-3427
20 Apr 2016 — Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Vulnerabilidad no especificada en Oracle Java SE 6u113, 7u99 y 8u77; Java SE Embedded 8u77; y JRockit R28.3.9 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JMX. It was discovered that the RMI server implementation in... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-8177 – gluster-swift metadata constraints are not correctly enforced
https://notcve.org/view.php?id=CVE-2014-8177
05 Oct 2015 — The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined. El paquete gluster-swift de Red Hat, tal como se utiliza en Red Hat Gluster Storage (anteriormente Red Hat Storage Server), permite a usuarios remotos autenticados eludir la restricción max_meta_count a través de múltiples peticiones manipuladas que exceden el lími... • http://rhn.redhat.com/errata/RHSA-2015-1845.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-5635 – GlusterFS: insecure temporary file creation
https://notcve.org/view.php?id=CVE-2012-5635
09 Apr 2013 — The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417. La funcionalidad GlusterFS en Red Hat Storage Management Console v2.0, Native Client, Server 2.0 permite a usuarios locales sobreescribir archivos arbitrarios mediant... • http://rhn.redhat.com/errata/RHSA-2013-0691.html • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •
CVSS: 9.8EPSS: 7%CPEs: 8EXPL: 0CVE-2012-4406 – Openstack-Swift: insecure use of python pickle()
https://notcve.org/view.php?id=CVE-2012-4406
22 Oct 2012 — OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. OpenStack Object Storage (swift) antes de v1.7.0 utiliza la función loads en el módulo pickle de Python de forma no segura al almacenar y cargar los metadatos en memcached, lo que permite a atacantes remotos ejecutar código arbitrario a través de un objeto pickle modifica... • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html • CWE-502: Deserialization of Untrusted Data •