CVSS: 6.5EPSS: 3%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3242
https://notcve.org/view.php?id=CVE-2017-3242
27 Jan 2017 — Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Supported versions that are affected are 3.2 and 3.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM Server for Sparc executes to compromise Oracle VM Server for Sparc. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM Server for Sparc, attacks... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 5%CPEs: 6EXPL: 0CVE-2016-7039 – kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash
https://notcve.org/view.php?id=CVE-2016-7039
12 Oct 2016 — The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666. La pila IP en el kernel de Linux hasta la versión 4.8.2 permite a atacantes remotos provocar una denegación de servicio (consumo de pila y pánico) o tener otro posible impacto no especif... • http://rhn.redhat.com/errata/RHSA-2016-2047.html • CWE-399: Resource Management Errors CWE-674: Uncontrolled Recursion •
CVSS: 7.8EPSS: 90%CPEs: 49EXPL: 4CVE-2016-2776 – ISC BIND 9 - Denial of Service
https://notcve.org/view.php?id=CVE-2016-2776
28 Sep 2016 — buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. buffer.c en named en ISC BIND 9 en versiones anteriores a 9.9.9-P3, 9.10.x en versiones anteriores a 9.10.4-P3 y 9.11.x en versiones anteriores a 9.11.0rc3 no construye respuestas adecuadamente, lo que permite a atacantes remotos provocar una denegación d... • https://packetstorm.news/files/id/180551 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6197 – kernel: overlayfs: missing upper dentry verification before unlink and rename
https://notcve.org/view.php?id=CVE-2016-6197
06 Aug 2016 — fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. fs/overlayfs/dir.c en la implementación del sistema de archivos OverlayFS en el kernel de Linux en versiones anteriores a 4.6 no verifica adecuadamente la dentry superior antes de proced... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=11f3710417d026ea2f4fcf362d866342c5274185 • CWE-20: Improper Input Validation CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2016-6198 – kernel: vfs: missing detection of hardlinks in vfs_rename() on overlayfs
https://notcve.org/view.php?id=CVE-2016-6198
06 Aug 2016 — The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. La capa del sistema de archivos en el kernel de Linux en versiones anteriores a 4.5.5 procede con operaciones de cambio de nombre después de que un archivo OverlayFS es cambiado de nombre a un self-hardlink, lo que permite a usuarios ... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d5ca871e72f2bb172ec9323497f01cd5091ec7 • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.8EPSS: 63%CPEs: 4EXPL: 5CVE-2016-5696 – kernel: challenge ACK counter information disclosure.
https://notcve.org/view.php?id=CVE-2016-5696
06 Aug 2016 — net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack. net/ipv4/tcp_input.c en el kernel de Linux en versiones anteriores a 4.7 no determina adecuadamente la tasa de segmentos de desafío ACK, lo que facilita a atacantes remotos secuestrar sesiones TCP a través de un ataque ciego en ventana. It was found that the RFC 5961 challenge ACK rate limiting as i... • https://github.com/Gnoxter/mountain_goat • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2016-5403 – Qemu: virtio: unbounded memory allocation on host via guest leading to DoS
https://notcve.org/view.php?id=CVE-2016-5403
02 Aug 2016 — The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. La función virtqueue_pop en hw/virtio/virtio.c en QEMU permite a administradores locales del SO invitado provocar una denegación de servicio (consumo de memoria y caida del proceso QUEMU) mediante la presentación de solicitudes sin esperar la finalización. Quick Emulator (QEMU) built with ... • http://rhn.redhat.com/errata/RHSA-2016-1585.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3632 – libtiff: out-of-bounds write in _TIFFVGetField function
https://notcve.org/view.php?id=CVE-2016-3632
02 Aug 2016 — The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. La función _TIFFVGetField en tif_dirinfo.c en LibTIFF 4.0.6 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) o ejecutar código arbitrario a través de una imagen TIFF manipulada. The libtiff packages contain a library of functions for manipulati... • http://bugzilla.maptools.org/show_bug.cgi?id=2549 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3945 – libtiff: out-of-bounds write in the tiff2rgba tool
https://notcve.org/view.php?id=CVE-2016-3945
02 Aug 2016 — Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. Múltiples desbordamientos de entero en las funciones (1) cvt_by_strip y (2) cvt_by_tile en la herramienta tiff2rgba en LibTIFF 4.0.6 y versiones anteriores, cuando está habilitado el modo -b, permiten a ... • http://bugzilla.maptools.org/show_bug.cgi?id=2545 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •