CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0600 – mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0600
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores, 5.6.27 y versiones anteriores y 5.7.9 y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 perm... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0606 – mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0606
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores, 5.6.27 y versiones anteriores y 5.7.9 y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 per... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0608 – mysql: unspecified vulnerability in subcomponent: Server: UDF (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0608
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores, 5.6.27 y versiones anteriores y 5.7.9 y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 permite a usuar... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4312 – kernel: File descriptors passed over unix sockets are not properly accounted
https://notcve.org/view.php?id=CVE-2013-4312
19 Jan 2016 — The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. El kernel de Linux en versiones anteriores a 4.4.1 permite a usuarios locales eludir los limites de descriptor de fichero y provocar una denegación de servicio (consumo de memoria) enviando cada descriptor a través de un socket UNIX antes de cerrarlo, relacion... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=712f4aad406bb1ed67f3f98d04c044191f0ff593 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 67%CPEs: 58EXPL: 0CVE-2016-0777 – OpenSSH: Client Information leak due to use of roaming connection feature
https://notcve.org/view.php?id=CVE-2016-0777
14 Jan 2016 — The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. La función resend_bytes en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en versiones anteriores a 7.1p2 permite a servidores remotos obtener información sensible desde la memoria de proceso mediante la petición de transmisión de un bu... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-682: Incorrect Calculation •
CVSS: 8.1EPSS: 1%CPEs: 44EXPL: 1CVE-2016-0778 – OpenSSH: Client buffer-overflow when using roaming connections
https://notcve.org/view.php?id=CVE-2016-0778
14 Jan 2016 — The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. Las funciones (1) roaming_read y (2) roaming_write en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en ve... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 1CVE-2015-8668 – libtiff: OOB read in bmp2tiff
https://notcve.org/view.php?id=CVE-2015-8668
28 Dec 2015 — Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. Desbordamiento de buffer basado en memoria dinámica en la función PackBitsPreEncode en tif_packbits.c en bmp2tiff en libtiff 4.0.6 y versiones anteriores permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio a través de un campo width... • http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 64%CPEs: 170EXPL: 0CVE-2015-8000 – bind: responses with a malformed class attribute can trigger an assertion failure in db.c
https://notcve.org/view.php?id=CVE-2015-8000
16 Dec 2015 — db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. db.c en named en ISC BIND 9.x en versiones anteriores a 9.9.8-P2 y 9.10.x en versiones anteriores a 9.10.3-P2 permite a atacantes remotos causar una denegación de servicio (falla de aserción REQUIRE y salida del demonio) a través de un atributo de clase mal formado. A denial of service flaw was found in the... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 2%CPEs: 14EXPL: 0CVE-2015-7512 – Qemu: net: pcnet: buffer overflow in non-loopback mode
https://notcve.org/view.php?id=CVE-2015-7512
03 Dec 2015 — Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. Desbordamiento de buffer en la función pcnet_receive en hw/net/pcnet.c en QEMU, cuando un NIC invitado tiene un MTU más grande, permite a atacantes provocar una denegación de servicio (caída de SO invitado) o ejecutar código arbitrario a través de un paquete grande. A buffer overflow fla... • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 5.3EPSS: 2%CPEs: 56EXPL: 1CVE-2015-3195 – OpenSSL: X509_ATTRIBUTE memory leak
https://notcve.org/view.php?id=CVE-2015-3195
03 Dec 2015 — The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.... • https://github.com/Trinadh465/OpenSSL-1_0_1g_CVE-2015-3195 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •