CVSS: 9.3EPSS: 11%CPEs: 26EXPL: 0CVE-2016-7865 – Adobe Flash LocalConnection Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7865
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de confusión de tipo explotable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ad... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 3.3EPSS: 0%CPEs: 9EXPL: 0CVE-2016-4455 – subscription-manager: sensitive world readable files in /var/lib/rhsm/
https://notcve.org/view.php?id=CVE-2016-4455
04 Nov 2016 — The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. El paquete Subscription Manager (también conocido como subscription-manager) en versiones anteriores a 1.17.7-1 para Candlepin utiliza permisos débiles (755) para los directorios de caché del subscription-manager, lo que permite a los usuarios locales obte... • http://rhn.redhat.com/errata/RHSA-2016-2592.html • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-4992 – 389-ds-base: Information disclosure via repeated use of LDAP ADD operation
https://notcve.org/view.php?id=CVE-2016-4992
04 Nov 2016 — 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. Servidor de directorios en Red Hat Enterprise Linux de escritorio 6 a 7, Red Hat Enterprise Linux HPC de nodo 6 a 7, Servidor 6 a 7 de Red Hat Enterprise Linux y Red Hat Enterprise Linux Estación de trabajo 6 a 7 permite a a... • http://rhn.redhat.com/errata/RHSA-2016-2594.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-5405 – 389-ds-base: Password verification vulnerable to timing attack
https://notcve.org/view.php?id=CVE-2016-5405
04 Nov 2016 — 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords. 389 Directory Server en Red Hat Enterprise Linux Desktop versiones 6 a la 7, Red Hat Enterprise Linux HPC Node versiones 6 a la 7, servidor Red Hat Enterprise Linux versiones 6 a la 7 y Red Hat Enterprise Linux Las Workstation versiones 6 a la 7, ... • http://rhn.redhat.com/errata/RHSA-2016-2594.html • CWE-199: Information Management Errors CWE-385: Covert Timing Channel •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-5416 – 389-ds-base: ACI readable by anonymous user
https://notcve.org/view.php?id=CVE-2016-5416
04 Nov 2016 — 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions. 389 Directory Server en RedHat Enterprise Linux Desktop 6 hasta el 7, RedHat Enterprise Linux HPC node 6 hasta el 7, RedHat Enterprise Linux Server 6 hasta el 7, y RedHat Enterprise Linux WorkStation 6 hasta el 7 permite a u... • http://rhn.redhat.com/errata/RHSA-2016-2594.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-7035 – pacemaker: Privilege escalation due to improper guarding of IPC communication
https://notcve.org/view.php?id=CVE-2016-7035
04 Nov 2016 — An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. Se ha detectado un error en Pacemaker en versiones anteriores a la 1.1.6 por el que no protegía correctamente su interfaz IPC. Un atacante con una cuenta sin privilegios en un nodo Pacemaker... • http://rhn.redhat.com/errata/RHSA-2016-2614.html • CWE-285: Improper Authorization •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2015-5160 – libvirt: Ceph id/key leaked in the process list
https://notcve.org/view.php?id=CVE-2015-5160
03 Nov 2016 — libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. libvirt en versiones anteriores a la 2.2 incluye las credenciales de Ceph en la línea de comandos qemu cuando se utiliza RADOS Block Device (también conocido como RBD), lo que permite a los usuarios locales obtener información sensible mediante un listado de procesos. It was found that the libvirt daemon, when using RBD... • http://rhn.redhat.com/errata/RHSA-2016-2577.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 43%CPEs: 57EXPL: 0CVE-2016-8864 – bind: assertion failure while handling responses containing a DNAME answer
https://notcve.org/view.php?id=CVE-2016-8864
01 Nov 2016 — named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P4, 9.10.x en versiones anteriores a 9.10.4-P4 y 9.11.x en versiones anteriores a 9.11.0-P1 permite a atacantes remotos provocar una denegación de servicio (fallo de as... • http://rhn.redhat.com/errata/RHSA-2016-2141.html • CWE-617: Reachable Assertion •
CVSS: 9.3EPSS: 46%CPEs: 25EXPL: 1CVE-2016-7855 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2016-7855
27 Oct 2016 — Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 23.0.0.205 en Windows y OS X y en versiones anteriores a 11.2.202.643 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificado... • https://github.com/swagatbora90/CheckFlashPlayerVersion • CWE-416: Use After Free •
CVSS: 9.3EPSS: 2%CPEs: 21EXPL: 0CVE-2016-4286 – flash-plugin: multiple code execution issues fixed in APSB16-32
https://notcve.org/view.php?id=CVE-2016-4286
12 Oct 2016 — Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors. Adobe Flash Player en versiones anteriores a 18.0.0.382 y 19.x hasta la versión 23.x en versiones anteriores a 23.0.0.185 en Windows y OS X y en versiones anteriores a 11.2.202.637 en Linux permite a atacantes eludir restricciones destinadas al acceso a través de vectores no especificados. The flash-... • http://rhn.redhat.com/errata/RHSA-2016-2057.html • CWE-284: Improper Access Control •