CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 3CVE-2006-7246
https://notcve.org/view.php?id=CVE-2006-7246
27 Jan 2020 — NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. NetworkManager versiones 0.9.x, no fija un asunto del certificado en un ESSID cuando es usada la autenticación 802.11X. • http://www.openwall.com/lists/oss-security/2010/04/22/2 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2011-1145
https://notcve.org/view.php?id=CVE-2011-1145
14 Nov 2019 — The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. La función SQLDriverConnect() en unixODBC versiones anterior a la versión 2.2.14p2, tiene una posible condición de desbordamiento del búfer cuando se especifica valor grande para el parámetro SAVEFILE en la cadena de conexión. • https://access.redhat.com/security/cve/cve-2011-1145 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2010-4661
https://notcve.org/view.php?id=CVE-2010-4661
13 Nov 2019 — udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. udisks versiones anteriores a la versión 1.0.3, permite a un usuario local cargar módulos arbitrarios del kernel de Linux. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00000.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.1EPSS: 78%CPEs: 52EXPL: 0CVE-2016-5387 – HTTPD: sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5387
18 Jul 2016 — The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID fo... • http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 19%CPEs: 41EXPL: 0CVE-2016-4953 – HPE Security Bulletin HPESBHF03757 1
https://notcve.org/view.php?id=CVE-2016-4953
06 Jun 2016 — ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (desmovilización de asociación efímera) mediante el envío de un paquete crypto-NAK falsificado con datos de autenticación incorrectos en un momento determinado. Potential security vu... • http://bugs.ntp.org/3045 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 13%CPEs: 41EXPL: 0CVE-2016-4954 – HPE Security Bulletin HPESBHF03757 1
https://notcve.org/view.php?id=CVE-2016-4954
06 Jun 2016 — The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. La función process_packet en ntp_proto.c en ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (modificación de par variable) enviando paquetes falsif... • http://bugs.ntp.org/3044 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.9EPSS: 8%CPEs: 37EXPL: 0CVE-2016-4955 – Ubuntu Security Notice USN-3096-1
https://notcve.org/view.php?id=CVE-2016-4955
06 Jun 2016 — ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. ntpd en NTP 4.x en versiones anteriores a 4.2.8p8, cuando está habilitada la autoclave, permite a atacantes remotos provocar una denegación de servicio (limpiando el par variable y corte de asociación) enviando (1) un paquete crypto-NAK manipulado ... • http://bugs.ntp.org/3043 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 3%CPEs: 37EXPL: 0CVE-2016-4956 – HPE Security Bulletin HPESBHF03757 1
https://notcve.org/view.php?id=CVE-2016-4956
06 Jun 2016 — ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (transición de modo intercalado y cambio de hora) a través de un paquete de difusión manipulado. NOTA: esta vulnerabilidad existe debido a una solución inco... • http://bugs.ntp.org/3042 •
CVSS: 7.5EPSS: 62%CPEs: 14EXPL: 0CVE-2016-4957 – HPE Security Bulletin HPESBHF03757 1
https://notcve.org/view.php?id=CVE-2016-4957
06 Jun 2016 — ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. ntpd en NTP en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un paquete crypto-NAK. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2016-1547. Potential security vulnerabilities with NTP have been addresse... • http://bugs.ntp.org/3046 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 56%CPEs: 24EXPL: 0CVE-2016-5118 – ImageMagick: Remote code execution via filename
https://notcve.org/view.php?id=CVE-2016-5118
30 May 2016 — The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. La función OpenBlob en blob.c en GraphicsMagick en versiones anteriores a 1.3.24 y ImageMagick permite a atacantes remotos ejecutar código arbitrario a través del caractér | (tubería) en el inicio del nombre de archivo. It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processe... • http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8 • CWE-20: Improper Input Validation •