CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 3CVE-2015-1336 – Man-db 2.6.7.1 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1336
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. Las tareas de limpieza diarias mandb en Man-db en versiones anteriores a la 2.7.6.1-1 tal y como se distribuye en Ubuntu y Debian permiten que usuarios locales con acceso a la cuenta "man" ganen privilegios mediante vectores que implican el uso inseguro de la función chown. Man-db version 2.6.7.1 suffers from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/41158 http://packetstormsecurity.com/files/140759/Man-db-2.6.7.1-Privilege-Escalation.html http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1336.html http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation http://www.openwall.com/lists/oss-security/2015/12/14/11 http://www.securityfocus.com/bid/79723 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840357 https://bugs.launchpad.net/ubuntu/+source/man-db/+ • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2016-10109
https://notcve.org/view.php?id=CVE-2016-10109
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. Vulnerabilidad de uso después de liberación en pcsc-lite en versiones anteriores a 1.8.20 permite a atacantes remotos provocar denegación de servicio (caída) a través de un comando que utiliza "cardsList" después de que el manejo haya sido lanzado a través de la función SCardReleaseContext. • http://www.debian.org/security/2017/dsa-3752 http://www.openwall.com/lists/oss-security/2017/01/03/3 http://www.securityfocus.com/bid/95263 http://www.ubuntu.com/usn/USN-3176-1 https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache. • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 21EXPL: 0CVE-2017-3313 – mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017)
https://notcve.org/view.php?id=CVE-2017-3313
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts). • http://www.debian.org/security/2017/dsa-3767 http://www.debian.org/security/2017/dsa-3809 http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html http://www.securityfocus.com/bid/95527 http://www.securitytracker.com/id/1037640 https://access.redhat.com/errata/RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.com/errata/RHSA& •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9963
https://notcve.org/view.php?id=CVE-2016-9963
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. Exim en versiones anteriores a 4.87.1 podrían permitir a atacantes remotos obtener la clave de firma DKIM privada a través de vectores relacionados con archivos de registro y mensajes de devolución. • http://www.debian.org/security/2016/dsa-3747 http://www.exim.org/static/doc/CVE-2016-9963.txt http://www.securityfocus.com/bid/94947 http://www.securitytracker.com/id/1037484 http://www.ubuntu.com/usn/USN-3164-1 https://bugs.exim.org/show_bug.cgi?id=1996 • CWE-320: Key Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2016-9775
https://notcve.org/view.php?id=CVE-2016-9775
The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack. El script postrm en el paquete tomcat6 en versiones anteriores a 6.0.45+dfsg-1~deb7u3 en Debian wheezy, en versiones anteriores a 6.0.45+dfsg-1~deb8u1 en Debian jessie, en versiones anteriores a 6.0.35-1ubuntu3.9 rn Ubuntu 12.04 LTS y en Ubuntu 14.04 LTS; el paquete tomcat7 en versiones anteriores a 7.0.28-4+deb7u7 en Debian wheezy, en versiones anteriores a 7.0.56-3+deb8u6 en Debian jessie, en versiones anteriores a 7.0.52-1ubuntu0.8 en Ubuntu 14.04 LTS, y en Ubuntu 12.04 LTS, 16.04 LTS y 16.10; y el paquete tomcat8 en versiones anteriores a 8.0.14-1+deb8u5 en Debian jessie, en versiones anteriores a 8.0.32-1ubuntu1.3 en Ubuntu 16.04 LTS, en versiones anteriores a 8.0.37-1ubuntu0.1 en Ubuntu 16.10 y en versiones anteriores a 8.0.38-2ubuntu1 en Ubuntu 17.04 podrían permitir a usuarios locales con acceso a la cuenta tomcat obtener privilegios root a través de un programa setgid en el directorio Catalina, como se demuestra por /etc/tomcat8/Catalina/attack • http://www.debian.org/security/2016/dsa-3738 http://www.debian.org/security/2016/dsa-3739 http://www.openwall.com/lists/oss-security/2016/12/02/10 http://www.openwall.com/lists/oss-security/2016/12/02/5 http://www.securityfocus.com/bid/94643 http://www.ubuntu.com/usn/USN-3177-1 http://www.ubuntu.com/usn/USN-3177-2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845385 https://security.netapp.com/advisory/ntap-20180731-0002 https://www.oracle. • CWE-264: Permissions, Privileges, and Access Controls •