CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2016-6185 – Ubuntu Security Notice USN-3625-1.tt
https://notcve.org/view.php?id=CVE-2016-6185
25 Jul 2016 — The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. El método XSLoader::load en XSLoader en Perl no localiza adecuadamente archivos .so cuando se le llama en una cadena eval, lo que podría permitir a usuarios locales ejecutar código arbitrario a través de una librería Troyano bajo el directorio de trabajo actual. It was discovered ... • http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3584
https://notcve.org/view.php?id=CVE-2016-3584
21 Jul 2016 — Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc. Vulnerabilidad no especificada en Oracle Sun Solaris 11.3 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Libadimalloc. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5469
https://notcve.org/view.php?id=CVE-2016-5469
21 Jul 2016 — Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471. Vulnerabilidad no especificada en Oracle Sun Solaris 11.3 permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con el Kernel, una vulnerabilidad diferente a CVE-2016-3497 y CVE-2016-5471. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3497
https://notcve.org/view.php?id=CVE-2016-3497
21 Jul 2016 — Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471. Vulnerabilidad no especificada en Oracle Sun Solaris 11.3 permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con Kernel, una vulnerabilidad diferente a CVE-2016-5469 y CVE-2016-5471. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5471
https://notcve.org/view.php?id=CVE-2016-5471
21 Jul 2016 — Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469. Vulnerabilidad no especificada en Oracle Sun Solaris 11.3 permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con el Kernel, una vulnerabilidad diferente a CVE-2016-3497 y CVE-2016-5469. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5452
https://notcve.org/view.php?id=CVE-2016-5452
21 Jul 2016 — Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot. Vulnerabilidad no especificada en Oracle Sun Solaris 11.3 permite a usuarios locales afectar la confidencialidad a través de vectores relacionados con Verified Boot. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5454
https://notcve.org/view.php?id=CVE-2016-5454
21 Jul 2016 — Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot. Vulnerabilidad no especificada en Oracle Sun Solaris 11.3 permite a usuarios locales afectar la integridad y la disponibilidad a través de vectores relacionados con Verified Boot. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 8.1EPSS: 73%CPEs: 52EXPL: 0CVE-2016-5387 – HTTPD: sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5387
18 Jul 2016 — The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID fo... • http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 2%CPEs: 15EXPL: 3CVE-2016-5844 – libarchive: undefined behaviour (integer overflow) in iso parser
https://notcve.org/view.php?id=CVE-2016-5844
14 Jul 2016 — Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. Desbordamiento de entero en el analizador ISO en libarchive en versiones anteriores a 3.2.1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo ISO manipulado. Undefined behavior (signed integer overflow) was discovered in libarchive, in the ISO parser. A crafted file could potentially cause den... • http://rhn.redhat.com/errata/RHSA-2016-1844.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0CVE-2016-5357 – Debian Security Advisory 3615-1
https://notcve.org/view.php?id=CVE-2016-5357
02 Jul 2016 — wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file. wiretap/netscreen.c en el analizador de archivo NetScreen en Wireshark 1.12.x en versiones anteriores a 1.12.12 y 2.x en versiones anteriores a 2.0.4 no maneja correctamente procesamiento sin signo de entero sscanf, lo que permite a atacantes remotos provocar u... • http://www.debian.org/security/2016/dsa-3615 • CWE-20: Improper Input Validation •