CVSS: 10.0EPSS: 6%CPEs: 2EXPL: 0CVE-2015-8385 – pcre: buffer overflow caused by named forward reference to duplicate group number (8.38/30)
https://notcve.org/view.php?id=CVE-2015-8385
02 Dec 2015 — PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente el patrón /(?|(\k'Pm')|(?' • http://rhn.redhat.com/errata/RHSA-2016-1025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 6%CPEs: 2EXPL: 0CVE-2015-8388 – pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)
https://notcve.org/view.php?id=CVE-2015-8388
02 Dec 2015 — PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. • http://rhn.redhat.com/errata/RHSA-2016-1025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-185: Incorrect Regular Expression •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 2CVE-2015-2328 – pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)
https://notcve.org/view.php?id=CVE-2015-2328
02 Dec 2015 — PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.36 no maneja correctamente el patrón /((?(R)a|(? • http://rhn.redhat.com/errata/RHSA-2016-1025.html • CWE-19: Data Processing Errors CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 9%CPEs: 24EXPL: 0CVE-2015-8391 – pcre: inefficient posix character class syntax check (8.38/16)
https://notcve.org/view.php?id=CVE-2015-8391
02 Dec 2015 — The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. La función pcre_compile en pcre_compile.c en PCRE en versiones anteriores a 8.38 no maneja correctamente cierta anidación [: , lo que permite a atacantes remotos causar una denegación de servi... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-407: Inefficient Algorithmic Complexity •
CVSS: 9.8EPSS: 7%CPEs: 6EXPL: 0CVE-2015-8386 – pcre: Buffer overflow caused by lookbehind assertion (8.38/6)
https://notcve.org/view.php?id=CVE-2015-8386
02 Dec 2015 — PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente la interacción de aserciones lookbehind y de subpatrones mutuamente recursivos, lo que permite a atacantes remotos causar ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 2%CPEs: 18EXPL: 0CVE-2015-3276 – openldap: incorrect multi-keyword mode cipherstring parsing
https://notcve.org/view.php?id=CVE-2015-3276
20 Nov 2015 — The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. La función nss_parse_ciphers en libraries/libldap/tls_m.c en OpenLDAP no analiza adecuadamente cadenas de cifrado en modo multiclave de estilo OpenSSL, lo que podría provocar el uso de un cifrado más débil que el previsto y permitir ... • http://rhn.redhat.com/errata/RHSA-2015-2131.html • CWE-682: Incorrect Calculation •
CVSS: 7.7EPSS: 6%CPEs: 62EXPL: 0CVE-2015-8126 – libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
https://notcve.org/view.php?id=CVE-2015-8126
13 Nov 2015 — Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Múltiples desbordamientos de buffer en las funciones (1) png_set_PLTE y (2) png_get_PLTE en libpng en ver... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 1%CPEs: 33EXPL: 0CVE-2015-5219 – ntp: infinite loop in sntp processing crafted packet
https://notcve.org/view.php?id=CVE-2015-5219
27 Oct 2015 — The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. La función ULOGTOD en el archivo ntp.d en SNTP en versiones anteriores a la 4.2.7p366 no realiza apropiadamente las conversiones de tipo de un valor de precisión a uno doble, lo que permite a los atacantes remotos causar una denegación de servicio (bucle infinito) por medio de... • http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc • CWE-704: Incorrect Type Conversion or Cast CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2015-4913 – mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4913
21 Oct 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores relacionados con Server : DML, una vulnerabilidad diferente a CVE-2015-4858.... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html •
CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2015-4836 – mysql: unspecified vulnerability related to Server:SP (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4836
21 Oct 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server : SP. MariaDB is a multi-user, multi-threaded SQL database server. For all ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html •