CVSS: 9.8EPSS: 20%CPEs: 6EXPL: 1CVE-2016-9635 – gstreamer-plugins-good: Heap buffer overflow in FLIC decoder
https://notcve.org/view.php?id=CVE-2016-9635
24 Nov 2016 — Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer. Desbordamiento de búfer basado en memoria dinámica en la función flx_decode_delta_fli en gst/flx/gstflxdec.c en el decoder FLIC en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos ejecutar cód... • http://rhn.redhat.com/errata/RHSA-2016-2975.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 20%CPEs: 6EXPL: 1CVE-2016-9634 – gstreamer-plugins-good: Heap buffer overflow in FLIC decoder
https://notcve.org/view.php?id=CVE-2016-9634
24 Nov 2016 — Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. Desbordamiento de búfer basado en memoria dinámica en la función flx_decode_delta_fli en gst/flx/gstflxdec.c en el decoder FLIC en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos ejecutar código arbitrario o provocar una deneg... • http://rhn.redhat.com/errata/RHSA-2016-2975.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 16%CPEs: 6EXPL: 1CVE-2016-9636 – gstreamer-plugins-good: Heap buffer overflow in FLIC decoder
https://notcve.org/view.php?id=CVE-2016-9636
24 Nov 2016 — Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer. Desbordamiento de búfer basado en memoria dinámica en la función flx_decode_delta_fli en gst/flx/gstflxdec.c en el decoder FLIC en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos ejecuta... • http://rhn.redhat.com/errata/RHSA-2016-2975.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-7545 – policycoreutils: SELinux sandbox escape via TIOCSTI ioctl
https://notcve.org/view.php?id=CVE-2016-7545
14 Nov 2016 — SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. SELinux policycoreutils permite a usuarios locales ejecutar comandos arbitrarios fuera de la sandbox a través de una llamada ioctl TIOCSTI manipulada. It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context ... • http://rhn.redhat.com/errata/RHSA-2016-2702.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-5416 – 389-ds-base: ACI readable by anonymous user
https://notcve.org/view.php?id=CVE-2016-5416
04 Nov 2016 — 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions. 389 Directory Server en RedHat Enterprise Linux Desktop 6 hasta el 7, RedHat Enterprise Linux HPC node 6 hasta el 7, RedHat Enterprise Linux Server 6 hasta el 7, y RedHat Enterprise Linux WorkStation 6 hasta el 7 permite a u... • http://rhn.redhat.com/errata/RHSA-2016-2594.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-3099 – mod_nss: Invalid handling of +CIPHER operator
https://notcve.org/view.php?id=CVE-2016-3099
04 Nov 2016 — mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled. mod_ns en Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7, permite a atacantes remotos forzar el uso de cifrados que no estaban destinados a ser habilitados. ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183102.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-392: Missing Report of Error Condition •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5410 – firewalld: Firewall configuration can be modified by any logged in user
https://notcve.org/view.php?id=CVE-2016-5410
04 Nov 2016 — firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. firewalld.py en firewalld en versiones anteriores a 0.4.3.3 permite a usuarios locales eludir la autenticación y modificar las configuraciones del firewall a través de (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry o (5) setEntries D-Bus API method... • http://rhn.redhat.com/errata/RHSA-2016-2597.html • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-7091 – sudo: Possible info leak via INPUTRC
https://notcve.org/view.php?id=CVE-2016-7091
04 Nov 2016 — sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. sudo: Se ha descubierto que la configuración por defecto de sudo en Red Hat Enterprise Linux y posiblemente en otras implemen... • http://www.securityfocus.com/bid/92615 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 9EXPL: 0CVE-2016-4455 – subscription-manager: sensitive world readable files in /var/lib/rhsm/
https://notcve.org/view.php?id=CVE-2016-4455
04 Nov 2016 — The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories. El paquete Subscription Manager (también conocido como subscription-manager) en versiones anteriores a 1.17.7-1 para Candlepin utiliza permisos débiles (755) para los directorios de caché del subscription-manager, lo que permite a los usuarios locales obte... • http://rhn.redhat.com/errata/RHSA-2016-2592.html • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-4992 – 389-ds-base: Information disclosure via repeated use of LDAP ADD operation
https://notcve.org/view.php?id=CVE-2016-4992
04 Nov 2016 — 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. Servidor de directorios en Red Hat Enterprise Linux de escritorio 6 a 7, Red Hat Enterprise Linux HPC de nodo 6 a 7, Servidor 6 a 7 de Red Hat Enterprise Linux y Red Hat Enterprise Linux Estación de trabajo 6 a 7 permite a a... • http://rhn.redhat.com/errata/RHSA-2016-2594.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •