CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-1859
https://notcve.org/view.php?id=CVE-2014-1859
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py y (4) lib/tests/test_io.py en NumPy en versiones anteriores a la 1.8.1 permiten que los usuarios locales escriban en archivos arbitrarios mediante un ataque symlink en un archivo temporal. • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html http://www.openwall.com/lists/oss-security/2014/02/08/3 http://www.securityfocus.com/bid/65440 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778 https://bugzilla.redhat.com/show_bug.cgi?id=1062009 https://exchange.xforce.ibmcloud.com/vulnerabilities/91317 https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.0EPSS: 4%CPEs: 5EXPL: 0CVE-2015-0295
https://notcve.org/view.php?id=CVE-2015-0295
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. El decodificador BMP en QtGui en QT anterior a 5.5 no calcula correctamente las mascaras utilizadas para extraer los componentes de color, lo que permite a atacantes remotos causar una denegación de servicio (dividir por cero y caída) a través de un fichero BMP manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150940.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151034.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151121.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151138.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151352.html http://lists.opensuse.org/opensuse- • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 4%CPEs: 5EXPL: 1CVE-2015-0252 – Apache Xerces-C XML Parser < 3.1.2 - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2015-0252
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. internal/XMLReader.cpp en Apache Xerces-C anterior a 3.1.2 permite a atacantes remotos causar una denegación de servicio (fallo de segmentación y caída) a través de datos XML manipulados. A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash. • https://www.exploit-db.com/exploits/36906 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/1539 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 1.9EPSS: 0%CPEs: 4EXPL: 0CVE-2015-2152
https://notcve.org/view.php?id=CVE-2015-2152
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. Xen 4.5.x y anteriores capacita a ciertos backends por defecto cuando emula un dispositivo VGA para una gemu invitado de x86 HVM incluso cuando la configuración las descapacite, lo que permite a usuarios locales invitados obtener acceso a la consola VGA mediante (1) la configuración de la variable de entorno DISPLAY, cuando esté compilada con el soporte SDL, o la conexión al servidor VNC server en (2) ::1 o (3) 127.0.0.1, cuando no esté compilado con el soporte SDL. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://www.securityfocus.com/bid/73068 http://www.securitytracker.com/id/1031806 http://www.securitytracker.com/id/1031919 http://xenbits.xen.org/xsa/advisory-119.html https://security& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 19EXPL: 0CVE-2015-2157
https://notcve.org/view.php?id=CVE-2015-2157
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. Las funciones (1) ssh2_load_userkey y (2) ssh2_save_userkey en PuTTY 0.51 hasta 0.63 no limpian correctamente las claves privadas SSH-2 de la memoria, lo que permite a usuarios remotos obtener información sensible mediante la lectura de la memoria. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151839.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151933.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html http://www.debian.org/security/2015/dsa& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •