CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-3416 – sqlite: stack buffer overflow in src/printf.c
https://notcve.org/view.php?id=CVE-2015-3416
24 Apr 2015 — The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. La función sqlite3VXPrintf en printf.c en SQLite anterior a 3.8.9 no maneja correctamente los valores de precisión y anchu... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 155EXPL: 0CVE-2015-3143 – curl: re-using authenticated connection when unauthenticated
https://notcve.org/view.php?id=CVE-2015-3143
22 Apr 2015 — cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. cURL y libcurl 7.10.6 hasta 7.41.0 no reutilizan correctamente las conexiones NTLM, lo que permite a atacantes remotos conectar como otros usuarios a través de una solicitud no autenticada, un problema similar a CVE-2014-0015. It was discovered that libcurl could incorrectly reuse NTLM-authenticated connect... • http://advisories.mageia.org/MGASA-2015-0179.html • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 3%CPEs: 58EXPL: 1CVE-2015-2783 – php: buffer over-read in Phar metadata parsing
https://notcve.org/view.php?id=CVE-2015-2783
20 Apr 2015 — ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. ext/phar/phar.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permite a atacantes remotos obte... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 6%CPEs: 61EXPL: 1CVE-2015-3330 – php: pipelined request executed in deinitialized interpreter under httpd 2.4
https://notcve.org/view.php?id=CVE-2015-3330
20 Apr 2015 — The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." La función php_handler en sapi/apache2handler/sapi_apache2.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8, cuando Apache HTTP S... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7 • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 45%CPEs: 67EXPL: 1CVE-2015-3329 – php: buffer overflow in phar_set_inode()
https://notcve.org/view.php?id=CVE-2015-3329
20 Apr 2015 — Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. Múltiples desbordamientos de buffer basado en pila en la función phar_set_inode en phar_internal.h en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permiten a atacantes remotos ejecutar código arbitrario a travé... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 3CVE-2015-1100 – Apple Mac OSX - Local Denial of Service
https://notcve.org/view.php?id=CVE-2015-1100
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio (acceso a memoria fuera de rango) u obtener información sensible del contenido de la memoria a través de una aplicación manipulada. O... • https://packetstorm.news/files/id/131508 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1148 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1148
09 Apr 2015 — Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. Screen Sharing en Apple OS X anterior a 10.10.3 almacena la contraseña de un usuario en un fichero del registro, lo que podría permitir a atacantes dependientes de contexto obtener información sensible mediante la lectura de este fichero. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address pri... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1147 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1147
09 Apr 2015 — Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network. Open Directory Client en Apple OS X anterior a 10.10.3 envía solicitudes de cambio de contraseñas no codificadas en ciertas circunstancias que involucran certificados perdidos, lo que permite a atacantes remotos obtener información sensible mediante la captura de trafico de... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1098 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1098
09 Apr 2015 — iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. iWork en Apple iOS anterior a 8.3 y Apple OS X anterior a 10.10.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un fichero iWork manipulado. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, co... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1138 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1138
09 Apr 2015 — Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. Hypervisor en Apple OS X anterior a 10.10.3 permite a usuarios locales causar una denegación de servicio a través de vectores no especificados. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •