CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2614
https://notcve.org/view.php?id=CVE-2015-2614
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver. Vulnerabilidad no especificada en Oracle Sun Solaris 11.2, permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con NVM Express SSD driver. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032914 •
CVSS: 1.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2580
https://notcve.org/view.php?id=CVE-2015-2580
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.2, permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con NFSv4. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75889 http://www.securitytracker.com/id/1032914 •
CVSS: 5.0EPSS: 71%CPEs: 65EXPL: 1CVE-2015-4024 – php: multipart/form-data request parsing CPU usage DoS
https://notcve.org/view.php?id=CVE-2015-4024
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. Vulnerabilidad de complejidad algorítmica en la función multipart_buffer_headers en main/rfc1867.c en PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 permiten a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de datos de formularios manipulados que provocan un resultado de orden de crecimiento incorrecto. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015&# • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0CVE-2015-3814
https://notcve.org/view.php?id=CVE-2015-3814
The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Las funciones (1) dissect_tfs_request y (2) dissect_tfs_response en epan/dissectors/packet-ieee80211.c en el disector IEEE 802.11 en Wireshark 1.10.x anterior a 1.10.14 y 1.12.x anterior a 1.12.5 interpretan un valor cero como una longitud en lugar de una condición de error, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un paquete manipulado. • http://www.debian.org/security/2015/dsa-3277 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/74631 http://www.wireshark.org/security/wnpa-sec-2015-17.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11110 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e243b0041328980a9bbd43bb8a8166d7422f9096 https://security.gentoo.org/glsa/201510-03 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0CVE-2015-3811 – wireshark: WCP dissector crash (wnpa-sec-2015-14)
https://notcve.org/view.php?id=CVE-2015-3811
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. epan/dissectors/packet-wcp.c en el disector WCP en Wireshark 1.10.x anterior a 1.10.14 y 1.12.x anterior a 1.12.5 refiere incorrectamente a bytes previamente procesados, lo que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de un paquete manipulado, una vulnerabilidad diferente a CVE-2015-2188. A flaw was found in WCP dissector of wireshark of which an attacker could crash wireshark by injecting a specially crafted packet onto the wire or by convincing wireshark user to read malformed packet trace file. • http://rhn.redhat.com/errata/RHSA-2017-0631.html http://www.debian.org/security/2015/dsa-3277 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.wireshark.org/security/wnpa-sec-2015-14.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10978 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a6fc6aa0b4efc1a1c3d7a2e3b5189e888fb6ccc2 https://security.gentoo.o • CWE-17: DEPRECATED: Code CWE-665: Improper Initialization •