CVSS: 1.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2580
https://notcve.org/view.php?id=CVE-2015-2580
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.2, permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con NFSv4. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75889 http://www.securitytracker.com/id/1032914 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4770
https://notcve.org/view.php?id=CVE-2015-4770
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.2, permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con el sistema de archivos UNIX. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75880 http://www.securitytracker.com/id/1032914 •
CVSS: 5.0EPSS: 71%CPEs: 65EXPL: 1CVE-2015-4024 – php: multipart/form-data request parsing CPU usage DoS
https://notcve.org/view.php?id=CVE-2015-4024
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. Vulnerabilidad de complejidad algorítmica en la función multipart_buffer_headers en main/rfc1867.c en PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 permiten a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de datos de formularios manipulados que provocan un resultado de orden de crecimiento incorrecto. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015&# • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0CVE-2015-3814
https://notcve.org/view.php?id=CVE-2015-3814
The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Las funciones (1) dissect_tfs_request y (2) dissect_tfs_response en epan/dissectors/packet-ieee80211.c en el disector IEEE 802.11 en Wireshark 1.10.x anterior a 1.10.14 y 1.12.x anterior a 1.12.5 interpretan un valor cero como una longitud en lugar de una condición de error, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un paquete manipulado. • http://www.debian.org/security/2015/dsa-3277 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/74631 http://www.wireshark.org/security/wnpa-sec-2015-17.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11110 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e243b0041328980a9bbd43bb8a8166d7422f9096 https://security.gentoo.org/glsa/201510-03 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0CVE-2015-3811 – wireshark: WCP dissector crash (wnpa-sec-2015-14)
https://notcve.org/view.php?id=CVE-2015-3811
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. epan/dissectors/packet-wcp.c en el disector WCP en Wireshark 1.10.x anterior a 1.10.14 y 1.12.x anterior a 1.12.5 refiere incorrectamente a bytes previamente procesados, lo que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de un paquete manipulado, una vulnerabilidad diferente a CVE-2015-2188. A flaw was found in WCP dissector of wireshark of which an attacker could crash wireshark by injecting a specially crafted packet onto the wire or by convincing wireshark user to read malformed packet trace file. • http://rhn.redhat.com/errata/RHSA-2017-0631.html http://www.debian.org/security/2015/dsa-3277 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.wireshark.org/security/wnpa-sec-2015-14.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10978 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a6fc6aa0b4efc1a1c3d7a2e3b5189e888fb6ccc2 https://security.gentoo.o • CWE-17: DEPRECATED: Code CWE-665: Improper Initialization •