CVSS: 8.8EPSS: 1%CPEs: 51EXPL: 1CVE-2015-3214 – QEMU - Programmable Interrupt Timer Controller Heap Overflow
https://notcve.org/view.php?id=CVE-2015-3214
27 Jul 2015 — The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. Vulnerabilidad en pit_ioport_read en i8254.c en el kernel de Linux en versiones anteriores a 2.6.33 y en QEMU en versiones anteriores a 2.3.1, no distingue entre longitudes de lectura y longitudes de escritura, lo que podría permitir a los usuarios in... • https://www.exploit-db.com/exploits/37990 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2015-2643 – mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-2643
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Optimizer. MariaDB is a multi-user, multi-threaded SQL database server that is binary comp... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2015-2648 – mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-2648
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL clie... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 8.8EPSS: 0%CPEs: 31EXPL: 0CVE-2015-4757 – mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-4757
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anteriores y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Optimizer. MariaDB is a multi-user, multi-threaded SQL database server that is binary comp... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0CVE-2015-2582 – mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-2582
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Vulnerabilidad no especificada en Oracle MySQL Server versión 5.5.43 y anteriores y versión 5.6.24 y anteriores, permiten a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con los GIS. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was foun... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 8.8EPSS: 0%CPEs: 35EXPL: 0CVE-2015-4752 – mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-4752
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server : I_S. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found t... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 9.8EPSS: 9%CPEs: 27EXPL: 1CVE-2015-4643 – php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022)
https://notcve.org/view.php?id=CVE-2015-4643
07 Jul 2015 — Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. Desbordamiento de entero en la función ftp_genlist en ext/ftp/ftp.c en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anter... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2015-3281 – haproxy: information leak in buffer_slow_realign()
https://notcve.org/view.php?id=CVE-2015-3281
06 Jul 2015 — The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. La función buffer_slow_realign en HAProxy 1.5.x anterior a 1.5.14 y 1.6-dev no realinea correctamente un buffer que es utilizado para datos salientes pendientes, lo que permite a atacantes remotos obtener información sensib... • http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2015-3147 – abrt: does not validate contents of uploaded problem reports
https://notcve.org/view.php?id=CVE-2015-3147
10 Jun 2015 — daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. El archivo daemon/abrt-handle-upload.in en Automatic Bug Reporting Tool (ABRT), cuando mueve reportes de problemas desde /var/spool/abrt-upload, permite a usuarios locales escribir en archivos arbitrarios o posiblemente tener otro ... • http://rhn.redhat.com/errata/RHSA-2015-1083.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-283: Unverified Ownership •
CVSS: 9.8EPSS: 2%CPEs: 27EXPL: 0CVE-2015-0192 – JDK: unspecified Java sandbox restrictions bypass
https://notcve.org/view.php?id=CVE-2015-0192
13 May 2015 — Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. Vulnerabilidad no especificada en IBM Java 8 anterior a SR1, 7 R1 anterior a SR2 FP11, 7 anterior a SR9, 6 R1 anterior a SR8 FP4, 6 anterior a SR16 FP4, y 5.0 anterior a SR16 FP10 permite a atacantes remotos ganar privilegios a través de vectores desconocidos... • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html •