
CVE-2020-14312
https://notcve.org/view.php?id=CVE-2020-14312
05 Feb 2021 — A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions of Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against ot... • https://bugzilla.redhat.com/show_bug.cgi?id=1851342 • CWE-284: Improper Access Control •

CVE-2016-1000037
https://notcve.org/view.php?id=CVE-2016-1000037
06 Nov 2019 — Pagure: XSS possible in file attachment endpoint • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-8980
https://notcve.org/view.php?id=CVE-2015-8980
04 Nov 2019 — The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. • http://lists.opensuse.org/opensuse-updates/2017-02/msg00015.html • CWE-20: Improper Input Validation •

CVE-2016-1254
https://notcve.org/view.php?id=CVE-2016-1254
05 Dec 2017 — Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00154.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2017-11610 – Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-11610
23 Aug 2017 — The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. • https://packetstorm.news/files/id/144316 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-276: Incorrect Default Permissions •

CVE-2016-6342
https://notcve.org/view.php?id=CVE-2016-6342
27 Jun 2017 — elog 3.1.1 allows remote attackers to post data as any username in the logbook. • https://bugzilla.redhat.com/show_bug.cgi?id=1371328 • CWE-284: Improper Access Control •

CVE-2016-5391
https://notcve.org/view.php?id=CVE-2016-5391
13 Jun 2017 — libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). • https://bugzilla.redhat.com/show_bug.cgi?id=1356183 • CWE-476: NULL Pointer Dereference •

CVE-2016-3704 – pulp: Unsafe use of bash $RANDOM for NSS DB password and seed
https://notcve.org/view.php?id=CVE-2016-3704
13 Jun 2017 — Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. Pulp makes unsafe use of Bash's $RANDOM to generate an NSS DB password and seed, resulting in insufficient randomness. An attacker could potentially guess the seed used given enough time and compute resources. Red Hat Satellite is a systems management tool for Linux-based infrastructure. • https://access.redhat.com/errata/RHSA-2018:0336 • CWE-255: Credentials Management Errors • CWE-330: Use of Insufficiently Random Values •

CVE-2016-3696 – pulp: Leakage of CA key in pulp-qpid-ssl-cfg
https://notcve.org/view.php?id=CVE-2016-3696
13 Jun 2017 — The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. It was found that the private CA key was created in a directory that is world-readable for a small amount of time. A local user could possibly use this flaw to gain access to the private key information in the file. Red Hat Satellite is a systems management tool for Linux-based inf... • https://access.redhat.com/errata/RHSA-2018:0336 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2016-3095
https://notcve.org/view.php?id=CVE-2016-3095
08 Jun 2017 — server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •