CVE-2016-7498

CVE-2016-7498

OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression.

Source: CVE-2016-7498

CVE-2016-7444

CVE-2016-7444

The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.

Source: CVE-2016-7444

CVE-2016-6330 (jboss_operations_network)

CVE-2016-6330 (jboss_operations_network)

The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737.

Source: CVE-2016-6330 (jboss_operations_network)

CVE-2016-6330

CVE-2016-6330

The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737.

Source: CVE-2016-6330