CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-7545 – policycoreutils: SELinux sandbox escape via TIOCSTI ioctl
https://notcve.org/view.php?id=CVE-2016-7545
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. SELinux policycoreutils permite a usuarios locales ejecutar comandos arbitrarios fuera de la sandbox a través de una llamada ioctl TIOCSTI manipulada. It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. • http://rhn.redhat.com/errata/RHSA-2016-2702.html http://rhn.redhat.com/errata/RHSA-2017-0535.html http://rhn.redhat.com/errata/RHSA-2017-0536.html http://www.openwall.com/lists/oss-security/2016/09/25/1 http://www.securityfocus.com/bid/93156 http://www.securitytracker.com/id/1037283 https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF https:& • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 1%CPEs: 36EXPL: 0CVE-2016-9013
https://notcve.org/view.php?id=CVE-2016-9013
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary. Django 1.8.x en versiones anteriores a 1.8.16, 1.9.x en versiones anteriores a 1.9.11 y 1.10.x en versiones anteriores a 1.10.3 utiliza una contraseña embebida para un usuario de base de datos temporal creada al ejecutar pruebas con una base de datos Oracle, lo que hace más fácil a atacantes remotos obtener acceso al servidor de la base de datos aprovechando el fallo para especificar manualmente una contraseña en la configuración del diccionario TEST de la base de datos. • http://www.debian.org/security/2017/dsa-3835 http://www.securityfocus.com/bid/94069 http://www.securitytracker.com/id/1037159 http://www.ubuntu.com/usn/USN-3115-1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S https://www.djangoproject.com/weblog/2016/nov/01/security-releases • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.1EPSS: 1%CPEs: 36EXPL: 0CVE-2016-9014
https://notcve.org/view.php?id=CVE-2016-9014
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. Django en versiones anteriores a 1.8.x en versiones anteriores a 1.8.16, 1.9.x en versiones anteriores a 1.9.11 y 1.10.x en versiones anteriores a 1.10.3 cuando settings.DEBUG es True, permiten a atacantes remotos llevar a cabo ataques de revinculación DNS aprovechando el fallo para validar la cabecera del Host HTTP contra settings.ALLOWED_HOSTS. • http://www.debian.org/security/2017/dsa-3835 http://www.securityfocus.com/bid/94068 http://www.securitytracker.com/id/1037159 http://www.ubuntu.com/usn/USN-3115-1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OG5ROMUPS6C7BXELD3TAUUH7OBYV56WQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QXDKJYHN74BWY3P7AR2UZDVJREQMRE6S https://www.djangoproject.com/weblog/2016/nov/01/security-releases • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5407
https://notcve.org/view.php?id=CVE-2016-5407
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. Las funciones (1) XvQueryAdaptors y (2) XvQueryEncodings en X.org libXv en versiones anteriores a 1.0.11 permiten a servidores remotos X para desencadenar operaciones de acceso a memoria fuera de rango a través de vectores que involucran especificaciones de longitud en los datos recibidos. • http://www.openwall.com/lists/oss-security/2016/10/04/2 http://www.openwall.com/lists/oss-security/2016/10/04/4 http://www.securityfocus.com/bid/93368 http://www.securitytracker.com/id/1036945 https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3IA7BLB4C3JOYVU6UASGUJQJKUF6TO7E https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AE2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2016-7942
https://notcve.org/view.php?id=CVE-2016-7942
The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. La función XGetImage en X.org libX11 en versiones anteriores a 1.6.4 podría permitir a servidores remotos X obtener privilegios a través de vectores que involucran tipo de imagen y geometría, que desencadena operaciones de lectura fuera de límites. • http://www.openwall.com/lists/oss-security/2016/10/04/2 http://www.openwall.com/lists/oss-security/2016/10/04/4 http://www.securityfocus.com/bid/93363 http://www.securitytracker.com/id/1036945 https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMCVDXMFPXR7QGMKDG22WPPJCXH2X3L7 https://lists.x.org/archives/xorg-announce/2016-October/002720.html https://security.g • CWE-264: Permissions, Privileges, and Access Controls CWE-787: Out-of-bounds Write •