CVSS: 5.0EPSS: 2%CPEs: 38EXPL: 0CVE-2015-2568 – mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-2568
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Security : Privileges. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3229 http://www.debian.org/security/2015/dsa-3311 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/topic •
CVSS: 4.0EPSS: 0%CPEs: 34EXPL: 0CVE-2015-2571 – mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-2571
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anteriores, y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Optimizer. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3229 http://www.debian.org/security/2015/dsa-3311 http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 http://www.oracle.com/technetwork/topics/securi •
CVSS: 4.0EPSS: 0%CPEs: 34EXPL: 0CVE-2015-2573 – mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-2573
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DDL. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3229 http://www.debian.org/security/2015/dsa-3311 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/t •
CVSS: 5.0EPSS: 2%CPEs: 64EXPL: 0CVE-2015-0248 – subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers
https://notcve.org/view.php?id=CVE-2015-0248
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. Los servidores (1) mod_dav_svn yd (2) svnserve en Subversion 1.6.0 hasta 1.7.19 y 1.8.0 hasta 1.8.11 permiten a atacantes remotos causar una denegación de servicio (fallo de aserción y abortar) a través de combinaciones de parámetros relacionadas con números de revisión evaluados dinámicamente. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html http://rhn.redhat.com/errata/RHSA-2015-1633.html http://rhn.redhat.com/errata/RHSA-2015-1742.html http://subversion.apache.org/security/CVE-2015-0248-advisory.txt http://www.debian.org/security/2015/dsa-3231 http://www.mandriva.com/security/advisories?name=MDVSA-2015:192 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html • CWE-399: Resource Management Errors CWE-617: Reachable Assertion •
CVSS: 4.0EPSS: 0%CPEs: 73EXPL: 0CVE-2015-0251 – subversion: (mod_dav_svn) spoofing svn:author property values for new revisions
https://notcve.org/view.php?id=CVE-2015-0251
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. El servidor mod_dav_svn en Subversion 1.5.0 hasta 1.7.19 y 1.8.0 hasta 1.8.11 permite a usuarios remotos autenticados falsificar la propiedad svn:author a través de secuencias manipuladas de solicitudes del protocolo v1 HTTP. It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html http://rhn.redhat.com/errata/RHSA-2015-1633.html http://rhn.redhat.com/errata/RHSA-2015-1742.html http://seclists.org/fulldisclosure/2015/Jun/32 http://subversion.apache.org/security/CVE-2015-0251-advisory.txt http://www.debian.org/security/2015/dsa-3231 http://www.mandriva.com/security/advisories?name=MDVSA-2015:192 http://www.oracle.com& • CWE-345: Insufficient Verification of Data Authenticity CWE-348: Use of Less Trusted Source •