CVE-2015-1381
https://notcve.org/view.php?id=CVE-2015-1381
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. • http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47 http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html http://secunia.com/advisories/62775 http://secunia.com/advisories/62899 http://www.debian.org/security/2015/dsa-3145 http://www.openwall.com/lists/oss-security/2015/01/26/4 http://www.openwall.com/lists/oss-security/2015/01/27/20 • CWE-399: Resource Management Errors
CVE-2015-1382
https://notcve.org/view.php?id=CVE-2015-1382
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. • http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298 http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html http://secunia.com/advisories/62775 http://secunia.com/advisories/62899 http://www.debian.org/security/2015/dsa-3145 http://www.openwall.com/lists/oss-security/2015/01/26/4 http://www.openwall.com/lists/oss-security/2015/01/27/20 • CWE-20: Improper Input Validation
CVE-2015-0236 – libvirt: missing ACL check for the VIR_DOMAIN_XML_SECURE flag in save images and snapshots objects
https://notcve.org/view.php?id=CVE-2015-0236
libvirt before 1.2.12 allows remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file. • http://advisories.mageia.org/MGASA-2015-0046.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html http://rhn.redhat.com/errata/RHSA-2015-0323.html http://secunia.com/advisories/62766 http://security.libvirt.org/2015/0001.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:035 http://www.mandriva.com/security/advisories?name=MDVSA-2015:070 http://www.ubuntu.com/usn/USN-2867-1 https://access.redhat.com/security/cve/CVE-2015-0236 https://bugz • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-1419
https://notcve.org/view.php?id=CVE-2015-1419
Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00023.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00041.html http://secunia.com/advisories/62415
CVE-2014-8154
https://notcve.org/view.php?id=CVE-2014-8154
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the GStreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow. • http://lists.opensuse.org/opensuse-updates/2015-01/msg00069.html https://bugzilla.redhat.com/show_bug.cgi?id=1177840 https://bugzilla.redhat.com/show_bug.cgi?id=1181404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer