CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-5405 – 389-ds-base: Password verification vulnerable to timing attack
https://notcve.org/view.php?id=CVE-2016-5405
04 Nov 2016 — 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords. 389 Directory Server en Red Hat Enterprise Linux Desktop versiones 6 a la 7, Red Hat Enterprise Linux HPC Node versiones 6 a la 7, servidor Red Hat Enterprise Linux versiones 6 a la 7 y Red Hat Enterprise Linux Las Workstation versiones 6 a la 7, ... • http://rhn.redhat.com/errata/RHSA-2016-2594.html • CWE-199: Information Management Errors CWE-385: Covert Timing Channel •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-7050 – RESTEasy: SerializableProvider enabled by default and deserializes untrusted data
https://notcve.org/view.php?id=CVE-2016-7050
04 Nov 2016 — SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code. SerializablesProvider de RESTEasy en RedHat Enterprise Linux Desktop 7, RedHat Enterprise Linux HPC node 7, RedHat Enterprise Linux Server 7, y RedHat Enterprise Linux WorkStation 7 permite a un atacante remoto ejecutar código arbitrario. It was discovered that under certai... • http://rhn.redhat.com/errata/RHSA-2016-2604.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 2%CPEs: 9EXPL: 0CVE-2016-6489 – nettle: RSA/DSA code is vulnerable to cache-timing related attacks
https://notcve.org/view.php?id=CVE-2016-6489
03 Nov 2016 — The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack. El código de descifrado RSA y DSA en Nettle facilita a los atacantes cubrir las claves privadas a través de un ataque de canal secundario de caché. It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. Nettle is a cryptograp... • http://rhn.redhat.com/errata/RHSA-2016-2582.html • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2015-5160 – libvirt: Ceph id/key leaked in the process list
https://notcve.org/view.php?id=CVE-2015-5160
03 Nov 2016 — libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. libvirt en versiones anteriores a la 2.2 incluye las credenciales de Ceph en la línea de comandos qemu cuando se utiliza RADOS Block Device (también conocido como RBD), lo que permite a los usuarios locales obtener información sensible mediante un listado de procesos. It was found that the libvirt daemon, when using RBD... • http://rhn.redhat.com/errata/RHSA-2016-2577.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0764 – NetworkManager: Race condition allowing info leak
https://notcve.org/view.php?id=CVE-2016-0764
03 Nov 2016 — Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. Una condición de carrera en Network Manager anterior a versión 1.0.12 como empaquetado en Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Ente... • http://rhn.redhat.com/errata/RHSA-2016-2581.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 33%CPEs: 57EXPL: 0CVE-2016-8864 – bind: assertion failure while handling responses containing a DNAME answer
https://notcve.org/view.php?id=CVE-2016-8864
01 Nov 2016 — named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P4, 9.10.x en versiones anteriores a 9.10.4-P4 y 9.11.x en versiones anteriores a 9.11.0-P1 permite a atacantes remotos provocar una denegación de servicio (fallo de as... • http://rhn.redhat.com/errata/RHSA-2016-2141.html • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2016-5626 – mysql: unspecified vulnerability in subcomponent: Server: GIS (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5626
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores, 5.6.32 y versiones anteriores y 5.7.14 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con GIS. MariaDB is a multi-user, multi-threaded SQL database server. For all prac... • http://rhn.redhat.com/errata/RHSA-2016-2130.html •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2016-5624 – mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5624
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a new... • http://rhn.redhat.com/errata/RHSA-2016-2130.html •
CVSS: 6.8EPSS: 1%CPEs: 21EXPL: 0CVE-2016-3492 – mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-3492
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. Vulnerabilidad no especificada en Oracle MySQL 5.5.51 y versiones anteriores, 5.6.32 y versiones anteriores y 5.7.14 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server: Optimizer. MariaDB is a multi-user, multi-threaded SQL d... • http://rhn.redhat.com/errata/RHSA-2016-2130.html •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 0CVE-2016-5612 – mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016)
https://notcve.org/view.php?id=CVE-2016-5612
25 Oct 2016 — Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL 5.5.50 y versiones anteriores, 5.6.31 y versiones anteriores y 5.7.13 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. MariaDB is a multi-user, multi-threaded SQL database server. For all prac... • http://rhn.redhat.com/errata/RHSA-2016-1601.html •