CVSS: 8.6EPSS: 0%CPEs: 37EXPL: 0CVE-2015-4830 – mysql: unspecified vulnerability related to Server:Security:Privileges (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4830
21 Oct 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores permite a usuarios remotos autenticados afectar a la integridad a través de vectores desconocidos relacionados con Server : Security : Privileges. MariaDB is a multi-user, multi-threaded S... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-7830 – Wireshark PCAPNG if_filter Arbitrary Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7830
20 Oct 2015 — The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. La función pcapng_read_if_descr_block en wiretap/pcapng.c en el analizador pcapng en Wireshark 1.12.x en versiones anteriores a 1.12.8 utiliza demasiados niveles de indirección de puntero, lo q... • http://lists.opensuse.org/opensuse-updates/2015-10/msg00053.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 11%CPEs: 7EXPL: 0CVE-2015-7236 – rpcbind: Use-after-free vulnerability in PMAP_CALLIT
https://notcve.org/view.php?id=CVE-2015-7236
24 Sep 2015 — Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. Vulnerabilidad de uso después de liberación de memoria en xprt_set_caller en rpcb_svc_com.c en rpcbind 0.2.1 y versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de paquetes manipulados, implicando un código PMAP_CALLIT. A use-after-f... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171030.html • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 36EXPL: 0CVE-2015-4020
https://notcve.org/view.php?id=CVE-2015-4020
25 Aug 2015 — RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900. RubyGems 2.0.x en versiones anteriores a 2.0.17, 2.2.x en versiones anteriores a 2.2.5 y 2.4.x ... • http://blog.rubygems.org/2015/06/08/2.2.5-released.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-6241 – Debian Security Advisory 3367-1
https://notcve.org/view.php?id=CVE-2015-6241
24 Aug 2015 — The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función proto_tree_add_bytes_item en epan/proto.c en la implementación protocol-tree en Wireshark 1.12.x en versiones anteriores a 1.12.7, no finaliza adecuadamente una... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-6242 – Debian Security Advisory 3367-1
https://notcve.org/view.php?id=CVE-2015-6242
24 Aug 2015 — The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. Vulnerabilidad en la función wmem_block_split_free_chunk en epan/wmem/wmem_allocator_block.c en el... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6243 – wireshark: Dissector table crash (wnpa-sec-2015-23)
https://notcve.org/view.php?id=CVE-2015-6243
24 Aug 2015 — The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. Vulnerabilidad en la implementación dissector-table en epan/packet.c en Wireshark 1.12.x en versiones anteriores a 1.12.7, maneja incorrectamente las búsquedas de cadenas vacías ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6244 – wireshark: ZigBee dissector crash (wnpa-sec-2015-24)
https://notcve.org/view.php?id=CVE-2015-6244
24 Aug 2015 — The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función dissect_zbee_secure en epan/dissectors/packet-zbee-security.c en el disector ZigBee en Wireshark 1.12.x en versiones anteriores a 1.12.7, confía inadecuadamente en los campos de longitud c... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6245 – wireshark: GSM RLC/MAC dissector infinite loop (wnpa-sec-2015-25)
https://notcve.org/view.php?id=CVE-2015-6245
24 Aug 2015 — epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Vulnerabilidad en epan/dissectors/packet-gsm_rlcmac.c en el disector GSM RLC/MAC en Wireshark 1.12.x en versiones anteriores a 1.12.7, usa tipos de datos de enteros incorrectos, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un pa... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-6246 – wireshark: WaveAgent dissector crash (wnpa-sec-2015-26)
https://notcve.org/view.php?id=CVE-2015-6246
24 Aug 2015 — The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. Vulnerabilidad en la función dissect_wa_payload en epan/dissectors/packet-waveagent.c en el disector WaveAgent en Wireshark 1.12.x en versiones anteriores a 1.12.7, no maneja adecuadamente los valores de etiqueta grandes, lo que permite a atacantes re... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168837.html • CWE-20: Improper Input Validation •