CVE-2015-5200
https://notcve.org/view.php?id=CVE-2015-5200
The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html
• http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html
• http://lists.x.org/archives/xorg-announce/2015-August/002630.html
• http://www.debian.org/security/2015/dsa-3355
• http://www.securityfocus.com/bid/76636
• http://www.ubuntu.com/usn/USN-
CVE-2015-5199
https://notcve.org/view.php?id=CVE-2015-5199
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html
• http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html
• http://lists.x.org/archives/xorg-announce/2015-August/002630.html
• http://www.debian.org/security/2015/dsa-3355
• http://www.securityfocus.com/bid/76636
• http://www.ubuntu.com/usn/USN-
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-5198
https://notcve.org/view.php?id=CVE-2015-5198
libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html
• http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html
• http://lists.x.org/archives/xorg-announce/2015-August/002630.html
• http://www.debian.org/security/2015/dsa-3355
• http://www.securityfocus.com/bid/76636
• http://www.ubuntu.com/usn/USN-
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-4428
https://notcve.org/view.php?id=CVE-2012-4428
openslp: The SLPIntersectStringList() function has a DoS vulnerability.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159059.html
• http://www.openwall.com/lists/oss-security/2012/09/13/27
• http://www.securityfocus.com/bid/55540
• http://www.ubuntu.com/usn/USN-2730-1
• https://access.redhat.com/security/cve/cve-2012-4428
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4428
• https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-4428
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78732
• https://security-tracker.debian.org
• CWE-125: Out-of-bounds Read
CVE-2015-5963 – python-django: Denial-of-service possibility in logout() view by filling session store
https://notcve.org/view.php?id=CVE-2015-5963
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
• http://lists.opensuse.org/opensuse-updates/2015-09/msg00026.html
• http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
• http://rhn.redhat.com/errata/RHSA-2015-1766.html
• http://rhn.redhat.com/errata/RHSA-2015-1767.html
• http://rhn.redhat.com/errata/RHSA-2015-1894.html
• http://www.debian.org/security/2015/dsa-3338
• http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
• http:
• CWE-399: Resource Management Errors
• CWE-770: Allocation of Resources Without Limits or Throttling