CVE-2016-5444 – mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016)
https://notcve.org/view.php?id=CVE-2016-5444
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. Vulnerabilidad no especificada en Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores y MariaDB en versiones anteriores a 5.5.49, 10.0.x en versiones anteriores a 10.0.25 y 10.1.x en versiones anteriores a 10.1.14 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Server: Connection. • http://rhn.redhat.com/errata/RHSA-2016-0705.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1481.html http://rhn.redhat.com/errata/RHSA-2016-1602.html http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid •
CVE-2016-2775 – bind: Too long query name causes segmentation fault in lwresd
https://notcve.org/view.php?id=CVE-2016-2775
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. ISC BIND 9.x en versiones anteriores a 9.9.9-P2, 9.10.x en versiones anteriores a 9.10.4-P2 y 9.11.x en versiones anteriores a 9.11.0b2, cuando lwresd o la opción nombrada lwres está habilitada, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición larga que utiliza el protocolo ligero de resolución. It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the "lwres" statement in named.conf. • http://www.securityfocus.com/bid/92037 http://www.securitytracker.com/id/1036360 https://access.redhat.com/errata/RHBA-2017:0651 https://access.redhat.com/errata/RHBA-2017:1767 https://access.redhat.com/errata/RHSA-2017:2533 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107 https://kb.isc.org/article/AA-01393/74/CVE-2016-2775 https://kb.isc.org/article/AA-01435 https://kb.isc.org/article/AA-01436 https://kb.isc.org • CWE-20: Improper Input Validation •
CVE-2016-5388 – Tomcat: CGI sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5388
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability. Apache Tomcat, en versiones 7.x hasta la 7.0.70 y versiones 8.x hasta la 8.5.4, cuando el Servlet CGI está habilitado, sigue la sección 4.1.18 de RFC 3875 y, por lo tanto, no protege aplicaciones ante la presencia de datos de cliente no fiables en la variable de entorno HTTP_PROXY. Esto podría permitir que atacantes remotos redirijan el tráfico HTTP saliente de una aplicación a un servidor proxy arbitrario mediante una cabecera Proxy manipulada en una petición HTTP. Esto también se conoce como problema "httpoxy". • http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html http://rhn.redhat.com/errata/RHSA-2016-1624.html http://rhn.redhat.com/errata/RHSA-2016-2045.html http://rhn.redhat.com/errata/RHSA-2016-2046.html http://www.kb.cert.org/vuls/id/797896 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.securityfocus.com/bid/91818 http://www.securitytracker.com/id/ • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVE-2016-5387 – HTTPD: sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. El Apache HTTP Server hasta la versión 2.4.23 sigue a RFC 3875 sección 4.1.18 y por lo tanto no protege aplicaciones de la presencia de datos de clientes no confiables en ambiente variable de HTTP_PROXY, lo que puede permitir a atacantes remotos redireccionar el tráfico HTTP saliente de aplicación a un servidor proxy arbitrario a través de una cabecera Proxy manipulada en una petición HTTP, también conocido como problema "httpoxy". NOTA: el vendedor afirma "Se ha asignado a esta mitigación el identificador CVE-2016-5387"; en otras palabras, esto no es un CVE ID para una vulnerabilidad. It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html http://rhn.redhat.com/errata/RHSA-2016-1624.html http://rhn.redhat.com/errata/RHSA-2016-1625.html http://rhn.redhat.com/errata/RHSA-2016-1648.html http://rhn.redhat.com/errata/RHSA-2016-1649.html http://rhn.redhat.com/errata/RHSA-2016-1650.html http://www.debian.org/security/2016/dsa-3623 http://www.kb.cert.org/vuls/id/797896 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-20: Improper Input Validation •
CVE-2015-8896 – ImageMagick: Integer truncation vulnerability in coders/pict.c
https://notcve.org/view.php?id=CVE-2015-8896
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. Problema de truncamiento de entero en coders/pict.c en ImageMagick en versiones anteriores a 7.0.5-0 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un archivo .pict manipulado. • http://www.openwall.com/lists/oss-security/2015/10/07/2 http://www.openwall.com/lists/oss-security/2015/10/08/3 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91027 https://access.redhat.com/errata/RHSA-2016:1237 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803 https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14 •