
CVE-2015-0441 – mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-0441
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Security : Encryption. MariaDB is a multi-user, multi-threaded SQL database... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •

CVE-2015-0499 – mysql: unspecified vulnerability related to Server:Federated (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-0499
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anteriores, y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Federated. MariaDB is a multi-user, multi-threaded SQL database server that is binary c... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •

CVE-2015-0501 – mysql: unspecified vulnerability related to Server:Compiling (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-0501
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anterioresw y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Compiling. MariaDB is a multi-user, multi-threaded SQL database server that is binary c... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 •

CVE-2015-0505 – mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-0505
16 Apr 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anteriores, y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DDL. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL c... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html •

CVE-2015-0797 – Mozilla: Buffer overflow parsing H.264 video with Linux Gstreamer (MFSA 2015-47)
https://notcve.org/view.php?id=CVE-2015-0797
16 Apr 2015 — GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. GStreamer anterior a 1.4.5, utilizado en Mozilla Firefox anterior a 38.0, Firefox ESR 31.x anterior a 31.7, y Thunderbird anterior a 31.7 en Linux, permite a atacantes remotos causar una denegación de servi... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00017.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2015-2808 – SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
https://notcve.org/view.php?id=CVE-2015-2808
01 Apr 2015 — The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. El algoritmo RC4, utilizado en el protocolo TLS y el prot... • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2015-2348 – php: move_uploaded_file() NUL byte injection in file name
https://notcve.org/view.php?id=CVE-2015-2348
30 Mar 2015 — The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. La implementación move_uploaded_file en ext/standard/basic_functions.c en PHP anterior a 5.4.39... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1291d6bbee93b6109eb07e8f7916ff1b7fcc13e1 • CWE-264: Permissions, Privileges, and Access Controls CWE-626: Null Byte Interaction Error (Poison Null Byte) •

CVE-2015-2787 – php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
https://notcve.org/view.php?id=CVE-2015-2787
30 Mar 2015 — Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. Vulnerabilidad de uso después de liberación en la función process_nested_data en ext/standard/var_unserializer.re en PHP anterior a 5.4.39, 5.5.x anterior a 5.5... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-416: Use After Free •

CVE-2015-2301 – php: use after free in phar_object.c
https://notcve.org/view.php?id=CVE-2015-2301
19 Mar 2015 — Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. Vulnerabilidad de uso después de liberación en la función phar_rename_archive en phar_object.c en PHP anterior a 5.5.22 y 5.6.x anterior a 5.6.6 permite a atacantes remotos causar una denegació... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=b2cf3f064b8f5efef89bb084521b61318c71781b • CWE-416: Use After Free •

CVE-2014-9657 – freetype: off-by-one buffer over-read in tt_face_load_hdmx()
https://notcve.org/view.php?id=CVE-2014-9657
08 Feb 2015 — The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. La función tt_face_load_hdmx en truetype/ttpload.c en FreeType anterior a 2.5.4 no establece un tamaño de registro mínimo, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otr... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-125: Out-of-bounds Read •