CVSS: 4.3EPSS: 0%CPEs: 53EXPL: 0CVE-2015-2317
https://notcve.org/view.php?id=CVE-2015-2317
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. La función utils.http.is_safe_url en Django anterior a 1.4.20, 1.5.x, 1.6.x anterior a 1.6.11, 1.7.x anterior a 1.7.7, y 1.8.x anterior a 1.8c1 no valida correctamente las URLs, lo que permite a atacantes remotos realizar ataques de XSS a través de un caracter de control en una URL, tal y como fue demostrado por una URL \x08javascript. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160263.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html http://ubuntu.com/usn/usn-2539-1 http://www.debian.org/security/2015/dsa-3204 http://www.mandriva.com/security/advisories?name=MDVSA-2015:195 http://www.oracle.com/technetwork/topics/security/bulletinapr2015& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 36EXPL: 0CVE-2015-2316
https://notcve.org/view.php?id=CVE-2015-2316
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. La función utils.html.strip_tags en Django 1.6.x anterior a 1.6.11, 1.7.x anterior a 1.7.7, y 1.8.x anterior a 1.8c1, cuando utiliza ciertos versiones de Python, permite a atacantes remotos causar una denegación de servicio (bucle infinito) mediante el incremento de la longitud de la cadena de entradas. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/73322 http://www.ubuntu.com/usn/USN-2539-1 https://www.djangoproject.com/weblog/2015/mar/18/security-releases • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2015-2155 – tcpdump: force printer vulnerability
https://notcve.org/view.php?id=CVE-2015-2155
The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. La impresora de fuerza en tcpdump en versiones anteriores a 4.7.2 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores no especificados. • http://advisories.mageia.org/MGASA-2015-0114.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153834.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00084.html http://packetstormsecurity.com/files/130730/tcpdump-Denial-Of-Service-Code-Execution.html http://www.debian.org/security/2015/dsa-3193 http://www.mandriva.com/security/advisories?name=MDVSA-2015:125 http://www.mandriva.com/security/advisories?name=MDVSA-2015:182 http://www.oracle.com/technetwork/topics/ •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2015-2190
https://notcve.org/view.php?id=CVE-2015-2190
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. epan/proto.c en Wireshark 1.12.x anterior a 1.12.4 no maneja correctamente los tipos de datos de enteros mayores a 32 bits en tamaño, lo que permite a atacantes remotos causar una denegación de servicio (fallo de aserción y salida de la aplicación) a través de un paquete manipulado que no está correctamente manejado por el disector LLDP. • http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/72938 http://www.securitytracker.com/id/1031858 http://www.wireshark.org/security/wnpa-sec-2015-09.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10983 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=d1865e000ebedf49fc0d9f221a11d6af74360837 https://security.gentoo.org/glsa/201510-03 • CWE-19: Data Processing Errors •
CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0CVE-2015-2188 – wireshark: The WCP dissector could crash while decompressing data (wnpa-sec-2015-07)
https://notcve.org/view.php?id=CVE-2015-2188
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. epan/dissectors/packet-wcp.c en el disector WCP en Wireshark 1.10.x anterior a 1.10.13 y 1.12.x anterior a 1.12.4 no inicializa correctamente una estructura de datos, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de la aplicación) a través de un paquete manipulado que no se maneja correctamente durante la decompresión. • http://advisories.mageia.org/MGASA-2015-0117.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html http://www.debian.org/security/2015/dsa-3210 http://www.mandriva.com/security/advisories?name=MDVSA-2015:183 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72942 http://www.securitytracker.com/id/1031858 http://www.wireshark.org/securit • CWE-19: Data Processing Errors CWE-125: Out-of-bounds Read •