CVSS: 7.5EPSS: 54%CPEs: 170EXPL: 0CVE-2015-8000 – bind: responses with a malformed class attribute can trigger an assertion failure in db.c
https://notcve.org/view.php?id=CVE-2015-8000
16 Dec 2015 — db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. db.c en named en ISC BIND 9.x en versiones anteriores a 9.9.8-P2 y 9.10.x en versiones anteriores a 9.10.3-P2 permite a atacantes remotos causar una denegación de servicio (falla de aserción REQUIRE y salida del demonio) a través de un atributo de clase mal formado. A denial of service flaw was found in the... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 2%CPEs: 56EXPL: 1CVE-2015-3195 – OpenSSL: X509_ATTRIBUTE memory leak
https://notcve.org/view.php?id=CVE-2015-3195
03 Dec 2015 — The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.... • https://github.com/Trinadh465/OpenSSL-1_0_1g_CVE-2015-3195 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 0CVE-2015-8104 – virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception
https://notcve.org/view.php?id=CVE-2015-8104
16 Nov 2015 — The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. El subsistema KVM en el kernel Linux hasta la versión 4.2.6, y Xen 4.3.x hasta la versión 4.6.x permite a usuarios del SO invitados causar una denegación de servicio (panic en el host del SO o cuelgue) desencadenando muchas excepciones #DB (también conocidas como Debug), relacionadas con s... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.7EPSS: 4%CPEs: 62EXPL: 0CVE-2015-8126 – libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
https://notcve.org/view.php?id=CVE-2015-8126
13 Nov 2015 — Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Múltiples desbordamientos de buffer en las funciones (1) png_set_PLTE y (2) png_get_PLTE en libpng en ver... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 5%CPEs: 21EXPL: 0CVE-2015-2695 – Ubuntu Security Notice USN-2810-1
https://notcve.org/view.php?id=CVE-2015-2695
09 Nov 2015 — lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. lib/gssapi/spnego/spnego_mech.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 confía en un manejo de contexto inapropiado, lo que permite a atacantes remotos provocar una denegació... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 6.5EPSS: 6%CPEs: 15EXPL: 0CVE-2015-2697 – Ubuntu Security Notice USN-2810-1
https://notcve.org/view.php?id=CVE-2015-2697
09 Nov 2015 — The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. La función build_principal_va en lib/krb5/krb/bld_princ.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 permite a usuarios remotos autenticados provocar una denegación de servicio (lectura fuera de rango y c... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2015-4913 – mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4913
21 Oct 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores relacionados con Server : DML, una vulnerabilidad diferente a CVE-2015-4858.... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html •
CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2015-4836 – mysql: unspecified vulnerability related to Server:SP (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4836
21 Oct 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server : SP. MariaDB is a multi-user, multi-threaded SQL database server. For all ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html •
CVSS: 6.5EPSS: 0%CPEs: 34EXPL: 0CVE-2015-4858 – mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4858
21 Oct 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores relacionados con DML, una vulnerabilidad diferente a CVE-2015-4913. MariaDB is a m... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html •
CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2015-4861 – mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4861
21 Oct 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server : InnoDB. MariaDB is a multi-user, multi-threaded SQL database server. ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html •