CVSS: 5.0EPSS: 6%CPEs: 1EXPL: 2CVE-2015-6806
https://notcve.org/view.php?id=CVE-2015-6806
The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value. Vulnerabilidad en la función MScrollV en ansi.c en GNU screen 4.3.1 y versiones anteriores, no limita correctamente la recursividad, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de pila) a través de una secuencia de escape con un valor grande de repeat count. • http://git.savannah.gnu.org/cgit/screen.git/commit/?id=b7484c224738247b510ed0d268cd577076958f1b http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00001.html http://www.debian.org/security/2015/dsa-3352 http://www.openwall.com/lists/oss-security/2015/09/01/1 http://www.openwall.com/lists/oss-security/2015/09/03/11 http://www.openwall.com/lists/oss-security/2015/09/03/4 https://savannah.gnu.org/bugs/?45713 https://usn.ubuntu.com/3996-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 18%CPEs: 23EXPL: 0CVE-2015-6251
https://notcve.org/view.php?id=CVE-2015-6251
Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. Vulnerabilidad de liberación doble en GnuTLS en versiones anteriores a la 3.3.17 y 3.4.x versiones anteriores a 3.4.4, permite a atacantes remotos causar una denegación de servicio a través de una entrada DistinguishedName (DN) de gran longitud en un certificado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165286.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00001.html http://www.debian.org/security/2015/dsa-3334 http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 http://www.openwall.com/lists/oss-security/2015/08/10/1 http://www.openwall.com/lists/oss-security/2015/08/17/6 http://www.securityfocus.com/bid/76267 http://www.securitytracker.com/id/1033226 https://bugzilla.redhat.com/show& •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2059
https://notcve.org/view.php?id=CVE-2015-2059
The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. Vulnerabilidad en la función stringprep_utf8_to_ucs4 en libin en versiones anteriores a 1.31, tal como se utiliza en jabberd2, permite a atacantes dependientes del contexto leer la memoria del sistema y posiblemente tener otro impacto no especificado a través de caracteres UTF-8 no válidos en una cadena, lo que desencadena una lectura fuera de rango. • http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html http://www.debian.org/security/2016/dsa-3578 http://www.openwall.com/lists/oss-security/2015/02/23/25 http://www.securityfocus.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2015-1396
https://notcve.org/view.php?id=CVE-2015-1396
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. Se presenta una vulnerabilidad de Salto de Directorio en el parche GNU versiones anteriores a 2.7.4. Un atacante remoto puede escribir en archivos arbitrarios por medio de un ataque de tipo symlink en un archivo de parche. • http://www.openwall.com/lists/oss-security/2015/01/27/29 http://www.securityfocus.com/bid/75358 http://www.ubuntu.com/usn/USN-2651-1 https://bugzilla.redhat.com/show_bug.cgi?id=1186764 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2015-3308
https://notcve.org/view.php?id=CVE-2015-3308
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. Vulnerabilidad de liberación doble en lib/x509/x509_ext.c en GnuTLS en versiones anteriores a 3.3.14, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un punto de distribución CRL manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155101.html http://www.gnutls.org/security.html#GNUTLS-SA-2015-4 http://www.openwall.com/lists/oss-security/2015/04/15/6 http://www.openwall.com/lists/oss-security/2015/04/16/6 http://www.securityfocus.com/bid/74188 http://www.securitytracker.com/id/1033774 http://www.ubuntu.com/usn/USN-2727-1 https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02 https://gitlab.com/gnutls/gnutls/co •