CVE-2016-5553
https://notcve.org/view.php?id=CVE-2016-5553
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a usuarios locales afectar la disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93759 http://www.securitytracker.com/id/1037048 •
CVE-2016-5559
https://notcve.org/view.php?id=CVE-2016-5559
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a usuarios locales afectar la integridad a través de vectores relacionados con Kernel. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93722 http://www.securitytracker.com/id/1037048 •
CVE-2016-5544
https://notcve.org/view.php?id=CVE-2016-5544
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Kernel/X86. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93746 http://www.securitytracker.com/id/1037048 •
CVE-2016-2776 – ISC BIND 9 - Denial of Service
https://notcve.org/view.php?id=CVE-2016-2776
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. buffer.c en named en ISC BIND 9 en versiones anteriores a 9.9.9-P3, 9.10.x en versiones anteriores a 9.10.4-P3 y 9.11.x en versiones anteriores a 9.11.0rc3 no construye respuestas adecuadamente, lo que permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una consulta manipulada. A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria. This assertion can be triggered even if the apparent source address isnt allowed to make queries. • https://www.exploit-db.com/exploits/40453 https://github.com/infobyte/CVE-2016-2776 http://rhn.redhat.com/errata/RHSA-2016-1944.html http://rhn.redhat.com/errata/RHSA-2016-1945.html http://rhn.redhat.com/errata/RHSA-2016-2099.html http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html http://www.securityf • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVE-2016-6302 – openssl: Insufficient TLS session ticket HMAC length checks
https://notcve.org/view.php?id=CVE-2016-6302
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. La función tls_decrypt_ticket en ssl/t1_lib.c en OpenSSL en versiones anteriores a 1.1.0 no considera el tamaño HMAC durante la validación de la longitud del ticket, lo que permite a atacantes remotos provocar una denegación de servicio a través de un ticket que es muy corto. An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://rhn.redhat.com/errata/RHSA-2016-1940.html http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork& • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •