CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2016-1329
https://notcve.org/view.php?id=CVE-2016-1329
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800. Cisco NX-OS 6.0(2)U6(1) hasta la versión 6.0(2)U6(5) en dispositivos Nexus 3000 y 6.0(2)A6(1) hasta la versión 6.0(2)A6(5) y 6.0(2)A7(1) en dispositivos Nexus 3500 tiene credenciales embebidas, lo que permite a atacantes remotos obtener privilegios root a través de una sesión (1) TELNET o (2) SSH, también conocida como Bug ID CSCuy25800. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k http://www.securitytracker.com/id/1035161 https://isc.sans.edu/forums/diary/20795 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2016-0729 – xerces-c: parser crashes on malformed input
https://notcve.org/view.php?id=CVE-2016-0729
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document. Múltiples desbordamientos en (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp y (3) util/XMLUri.cpp en la librería XML Parser en Apache Xerces-C en versiones anteriores a 3.1.3 permite a atacantes remotos causar una denegación de servicio (fallo de segmentación o corrupción de memoria) o posiblemente ejecutar código arbitrario a través de un documento manipulado. It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182062.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182131.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182597.html http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html http://lists.opensuse.org/opensuse-updates/2016-04/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html http://packetstormsecurity.com/files/135949/Apache-Xerces-C-XML-Parser-Buffe • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 3%CPEs: 4EXPL: 0CVE-2013-7447
https://notcve.org/view.php?id=CVE-2013-7447
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation. Desbordamiento de entero en la función gdk_cairo_set_source_pixbuf en gdk/gdkcairo.c en GTK+ en versiones anteriores a 3.9.8, tal como se utiliza en eom, gnome-photos, eog, gambas3, thunar, pinpoint y posiblemente otras aplicaciones, permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo de imagen grande, lo que desencadena una gran asignación de memoria. • http://lists.opensuse.org/opensuse-updates/2016-03/msg00010.html http://www.openwall.com/lists/oss-security/2016/02/10/2 http://www.openwall.com/lists/oss-security/2016/02/10/6 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/83239 http://www.ubuntu.com/usn/USN-2898-1 http://www.ubuntu.com/usn/USN-2898-2 https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811 https://bugzilla.gnome.org&# •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1319
https://notcve.org/view.php?id=CVE-2016-1319
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. Cisco Unified Communications Manager (también conocido como CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1) y 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); y Unity Connection 10.5(2) almacena una clave de cifrado en texto plano, que permite a usuarios locales obtener información sensible a través de vectores no especificados, también conocido como Bug ID CSCuv85958. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm http://www.securitytracker.com/id/1034958 http://www.securitytracker.com/id/1034959 http://www.securitytracker.com/id/1034960 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1308
https://notcve.org/view.php?id=CVE-2016-1308
SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227. Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager 10.5(2.13900.9) permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCux99227. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-ucm http://www.securitytracker.com/id/1034938 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •