Page 86 of 510 results (0.010 seconds)

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

CVE-2015-7529 – sos: Usage of predictable temporary files allows privilege escalation

https://notcve.org/view.php?id=CVE-2015-7529

sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. sosreport en las versiones 3.x de SoS permite que usuarios locales ibtengan información sensible de archivos sosreport u obtener privilegios mediante un ataque de vínculo simbólico o un archivo de archivado en un directorio temporal. Esto lo demuestra sosreport-$hostname-$date.tar en /tmp/sosreport-$hostname-$date. An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system. • http://rhn.redhat.com/errata/RHSA-2016-0152.html http://rhn.redhat.com/errata/RHSA-2016-0188.html http://www.securityfocus.com/bid/83162 http://www.ubuntu.com/usn/USN-2845-1 https://access.redhat.com/errata/RHSA-2016:0152 https://access.redhat.com/errata/RHSA-2016:0188 https://bugzilla.redhat.com/show_bug.cgi?id=1282542 https://github.com/sosreport/sos/issues/696 https://access.redhat.com/security/cve/CVE-2015-7529 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •

CVSS: 4.3EPSS: 1%CPEs: 65EXPL: 0

CVE-2015-3196 – OpenSSL: Race condition handling PSK identify hint

https://notcve.org/view.php?id=CVE-2015-3196

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. ssl/s3_clnt.c en OpenSSL 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1p y 1.0.2 en versiones anteriores a 1.0.2d, cuando es utilizado por un cliente multi hilo, escribe la pista de identidad PSK en una estructura de datos incorrecta, lo que permite a servidores remotos provocar una denegación de servicio (condición de carrera y liberación doble) a través de un mensaje ServerKeyExchange manipulado. A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html http://marc.info/?l=bugtraq&m=145382583417444&w=2 http://openssl.org/news/secadv/20151203.txt • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.3EPSS: 1%CPEs: 56EXPL: 0

CVE-2015-3195 – OpenSSL: X509_ATTRIBUTE memory leak

https://notcve.org/view.php?id=CVE-2015-3195

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e no maneja correctamente los errores provocados por datos X509_ATTRIBUTE malformados, lo que permite a atacantes remotos obtener información sensible de memoria de proceso desencadenando un fallo de decodificación en una aplicación PKCS#7 o CMS. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://lists.opensuse& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 9.8EPSS: 2%CPEs: 24EXPL: 0

CVE-2015-8391 – pcre: inefficient posix character class syntax check (8.38/16)

https://notcve.org/view.php?id=CVE-2015-8391

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. La función pcre_compile en pcre_compile.c en PCRE en versiones anteriores a 8.38 no maneja correctamente cierta anidación [: , lo que permite a atacantes remotos causar una denegación de servicio (consumo de CPU) o posiblemente tener otro impacto no especificado a través de una expresión regular manipulada, según lo demostrado por un objeto JavaScript RegExp encontrado por Konqueror. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html http://rhn.redhat.com/errata/RHSA-2016-1025.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886 http://www.openwall.com/lists/oss-security/2015/11/29/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/82990 https:&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-407: Inefficient Algorithmic Complexity •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

CVE-2015-3276 – openldap: incorrect multi-keyword mode cipherstring parsing

https://notcve.org/view.php?id=CVE-2015-3276

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. La función nss_parse_ciphers en libraries/libldap/tls_m.c en OpenLDAP no analiza adecuadamente cadenas de cifrado en modo multiclave de estilo OpenSSL, lo que podría provocar el uso de un cifrado más débil que el previsto y permitir a atacantes remotos tener un impacto no especificado a través de vectores desconocidos. A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled. • http://rhn.redhat.com/errata/RHSA-2015-2131.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securitytracker.com/id/1034221 https://bugzilla.redhat.com/show_bug.cgi?id=1238322 https://access.redhat.com/security/cve/CVE-2015-3276 • CWE-682: Incorrect Calculation •