CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-10875 – ansible: ansible.cfg is being read from current working directory allowing possible code execution
https://notcve.org/view.php?id=CVE-2018-10875
10 Jul 2018 — A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. Se ha encontrado un error en ansible. ansible.cfg se lee desde el directorio de trabajo actual, que puede alterarse para hacer que señale a un plugin o una ruta de módulo bajo el control de un atacante, permitiendo que el atacante ejecute código arbitrario. It was found th... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html • CWE-426: Untrusted Search Path •
CVSS: 5.6EPSS: 94%CPEs: 1467EXPL: 10CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
04 Jan 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have imp... • https://packetstorm.news/files/id/145645 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 6%CPEs: 52EXPL: 7CVE-2017-1000366 – Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000366
19 Jun 2017 — glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. Glibc contiene una vulnerabilidad que permite que los valores LD_LIBRARY_PATH esp... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 8%CPEs: 37EXPL: 0CVE-2016-4955 – Ubuntu Security Notice USN-3096-1
https://notcve.org/view.php?id=CVE-2016-4955
06 Jun 2016 — ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. ntpd en NTP 4.x en versiones anteriores a 4.2.8p8, cuando está habilitada la autoclave, permite a atacantes remotos provocar una denegación de servicio (limpiando el par variable y corte de asociación) enviando (1) un paquete crypto-NAK manipulado ... • http://bugs.ntp.org/3043 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 3%CPEs: 37EXPL: 0CVE-2016-4956 – HPE Security Bulletin HPESBHF03757 1
https://notcve.org/view.php?id=CVE-2016-4956
06 Jun 2016 — ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (transición de modo intercalado y cambio de hora) a través de un paquete de difusión manipulado. NOTA: esta vulnerabilidad existe debido a una solución inco... • http://bugs.ntp.org/3042 •
CVSS: 7.5EPSS: 62%CPEs: 14EXPL: 0CVE-2016-4957 – HPE Security Bulletin HPESBHF03757 1
https://notcve.org/view.php?id=CVE-2016-4957
06 Jun 2016 — ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. ntpd en NTP en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un paquete crypto-NAK. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2016-1547. Potential security vulnerabilities with NTP have been addresse... • http://bugs.ntp.org/3046 • CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 8%CPEs: 37EXPL: 0CVE-2016-0264 – JDK: buffer overflow vulnerability in the IBM JVM
https://notcve.org/view.php?id=CVE-2016-0264
30 Apr 2016 — Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP25 (6.0.16.25), 6 R1 en versiones anteriores a SR8 FP25 (6.1.8.25), 7 ... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.3EPSS: 4%CPEs: 108EXPL: 0CVE-2015-7976 – Ubuntu Security Notice USN-3096-1
https://notcve.org/view.php?id=CVE-2015-7976
27 Jan 2016 — The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. El comando savconfig ntpq en NTP 4.1.2, 4.2.x en versiones anteriores a 4.2.8p6, 4.3, 4.3.25, 4.3.70 y 4.3.77 no filtra adecuadamente caracteres especiales, lo que permite a atacantes causar un impacto no especificado a través de un nombre de archivo manipulado. Aanchal Malhotra discovered that ... • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 20%CPEs: 38EXPL: 0CVE-2015-5300 – ntp: MITM attacker can force ntpd to make a step larger than the panic threshold
https://notcve.org/view.php?id=CVE-2015-5300
27 Oct 2015 — The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). La comprobación panic_gate en NTP anterior a versión 4.2.8p5 es solo h... • http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc • CWE-20: Improper Input Validation CWE-361: 7PK - Time and State •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-2041 – Debian Security Advisory 3237-1
https://notcve.org/view.php?id=CVE-2015-2041
09 Apr 2015 — net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. net/llc/sysctl_net_llc.c en el kernel de Linux anterior a 3.19 utiliza un tipo de datos incorrecto en una tabla sysctl, lo que permite a usuarios locales obtener información sensible de la memoria del kernel o posiblemente tener otro impacto no espe... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 • CWE-17: DEPRECATED: Code •