CVE-2016-4007
https://notcve.org/view.php?id=CVE-2016-4007
Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options." Múltiples vulnerabilidades no especificadas en el paquete obs-service-extract_file en versiones anteriores a 0.3-5.1 en openSUSE Leap 42.1 y en versiones anteriores a 0.3-3.1 en openSUSE 13.2 permite a atacantes ejecutar comandos arbitrarios a través de una definición de servicio, relacionado con la ejecución de unzip con "opciones ilegales". • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00019.html https://build.opensuse.org/request/show/361096 •
CVE-2016-1866
https://notcve.org/view.php?id=CVE-2016-1866
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream. Salt 2015.8.x en versiones anteriores a 2015.8.4 no maneja correctamente mensajes en claro en el minion, lo que permite a atacantes man-in-the-middle ejecutar código arbitrario insertando paquetes en el flujo de datos del minion-master. • http://lists.opensuse.org/opensuse-updates/2016-03/msg00034.html https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html • CWE-284: Improper Access Control •
CVE-2015-5969
https://notcve.org/view.php?id=CVE-2015-5969
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments. La secuencia de comandos mysql-systemd-helper en el paquete mysql-community-server en versiones anteriores a 5.6.28-2.17.1 en openSUSE 13.2 y en versiones anteriores a 5.6.28-13.1 en openSUSE Leap 42.1 y el paquete mariadb en versiones anteriores a 10.0.22-2.21.2 en openSUSE 13.2 y en versiones anteriores a 10.0.22-3.1 en SUSE Linux Enterprise (SLE) 12.1 y openSUSE Leap 42.1 permite a usuarios locales descubrir las credenciales de la base de datos listando un proceso y sus argumentos. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html https://bugzilla.suse.com/957174 https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-2383
https://notcve.org/view.php?id=CVE-2016-2383
The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions. La función adjust_branches en kernel/bpf/verifier.c en el kernel de Linux en versiones anteriores a 4.5 no tiene en cuenta el delta en el caso de salto de retroceso, lo que permite a usuarios locales obtener información sensible del kernel de memoria creando un filtro de paquetes y posteriormente cargando instrucciones BPF manipuladas. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1b14d27ed0965838350f1377ff97c93ee383492 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html http://www.openwall.com/lists/oss-security/2016/02/14/1 http://www.ubuntu.com/usn/USN-2947-1 http://www.ubuntu.com/usn/USN-2947-2 http://www.ubuntu.com/usn/USN-2947-3 https://bugzilla.redhat.com/show_bug.cgi?id=1308452 https://github.com/torvalds/linux/commit/a1b14d27ed0965838350f1377ff97c93ee3834 •
CVE-2015-5479
https://notcve.org/view.php?id=CVE-2015-5479
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. La función ff_h263_decode_mba en libavcodec/ituh263dec.c en Libav en versiones anteriores a 11.5 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y caída de la aplicación) a través de un archivo con dimensiones manipuladas. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html http://www.securityfocus.com/bid/75932 http://www.ubuntu.com/usn/USN-2944-1 https://blogs.gentoo.org/ago/2015/07/16/libav-divide-by-zero-in-ff_h263_decode_mba https://git.libav.org/?p=libav.git%3Ba=commitdiff%3Bh=0a49a62f998747cfa564d98d36a459fe70d3299b https://libav.org/releases/libav-11.5.changelog • CWE-189: Numeric Errors •