CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2016-3156 – kernel: ipv4: denial of service when destroying a network interface
https://notcve.org/view.php?id=CVE-2016-3156
27 Apr 2016 — The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. La implementación IPv4 en el kernel de Linux en versiones anteriores a 4.5.2 no maneja adecuadamente la destrucción de objetos de dispositivo, lo que permite a usuarios del SO invitado provocar una denegación de servicio (corte de la red del sistema operativo anfitrión) disponie... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 2%CPEs: 4EXPL: 0CVE-2016-1657 – chromium-browser: address bar spoofing
https://notcve.org/view.php?id=CVE-2016-1657
15 Apr 2016 — The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL. La función WebContentsImpl::FocusLocationBarByDefault en content/browser/web_contents/web_contents_impl.cc en Google Chrome en versiones anteriores a 50.0.2661.75 no maneja correctamente el foco para ciertas páginas about:blank, lo que permite ... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html • CWE-254: 7PK - Security Features •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1658 – chromium-browser: potential leak of sensitive information to malicious extensions
https://notcve.org/view.php?id=CVE-2016-1658
15 Apr 2016 — The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. El subsistema Extensions en Google Chrome en versiones anteriores a 50.0.2661.75 confía incorrectamente en llamadas al método GetOrigin para comparaciones de origen, lo que permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible... • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.2EPSS: 81%CPEs: 1EXPL: 4CVE-2016-1593 – Novell ServiceDesk 6.5/7.0.3/7.1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1593
11 Apr 2016 — Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL. Vulnerabilidad de salto de directorio en la característica importar usuarios en Micro Focus Novell Service Desk en versiones anteriores a 7.2 permite a administradores autenticados remotos cargar y ejecutar archivos JSP a... • https://packetstorm.news/files/id/136646 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 14%CPEs: 1EXPL: 2CVE-2016-1594 – Novell ServiceDesk 6.5/7.0.3/7.1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1594
11 Apr 2016 — Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action. Micro Focus Novell Service Desk en versiones anteriores a 7.2 permite a usuarios autenticados remotos leer archivos adjuntos arbitrarios a través de una petición a una URL LiveTime.woa, según lo demostrado obteniendo información sensible a través de una acción (... • https://packetstorm.news/files/id/136646 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 10%CPEs: 1EXPL: 2CVE-2016-1595 – Novell ServiceDesk 6.5/7.0.3/7.1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1595
11 Apr 2016 — LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter. LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile en Micro Focus Novell Service Desk en versiones anteriores a 7.2 permite a usuarios autenticados remotos llevar a cabo ataques de inyección Hibernate Query Language (HQL) y obtener ... • https://packetstorm.news/files/id/136646 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2016-1596 – Novell ServiceDesk 6.5/7.0.3/7.1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1596
11 Apr 2016 — Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter. Múltiples vulnerabiliaddes de XSS en Micro Focus Novell Service Desk en versiones anteriore... • https://packetstorm.news/files/id/136646 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2016-3672 – Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
https://notcve.org/view.php?id=CVE-2016-3672
07 Apr 2016 — The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits. La función arch_pick_mmap_layout en arch/x86/mm/mmap.c en el kernel de Linux hasta la versión 4.5.2 no maneja de forma aleatoria el legado de ... • https://www.exploit-db.com/exploits/39669 • CWE-254: 7PK - Security Features CWE-341: Predictable from Observable State •
CVSS: 6.2EPSS: 0%CPEs: 17EXPL: 0CVE-2016-2847 – kernel: pipe: limit the per-user amount of pages allocated in pipes
https://notcve.org/view.php?id=CVE-2016-2847
06 Apr 2016 — fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. fs/pipe.c en el kernel de Linux antes de 4.5 no limita la cantidad de datos no leídos en las tuberías, lo que permite a los usuarios locales provocar una denegación de servicio (consumo de memoria) creando muchas tuberías con tamaños no predeterminados. It is possible for a single process to cause... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5968
https://notcve.org/view.php?id=CVE-2015-5968
18 Mar 2016 — Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Novell Filr 1.2 en versiones anteriores a Hot Patch 4 permite a atacantes remotos inyectar código web o HTML arbitrarios a través de una URL manipulada. • https://www.novell.com/support/kb/doc.php?id=7017078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •