CVSS: 7.8EPSS: 11%CPEs: 10EXPL: 4CVE-2015-1157 – Apple Security Advisory 2015-06-30-2
https://notcve.org/view.php?id=CVE-2015-1157
28 May 2015 — CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message. CoreText en Apple iOS 8.x hasta 8.3 permite a atacantes remotos causar una denegación de servicio (reinicio y interrupción de mensaje) a través de texto Unicode manipulado que no se maneja co... • https://github.com/perillamint/CVE-2015-1157 • CWE-17: DEPRECATED: Code •
CVSS: 4.3EPSS: 96%CPEs: 42EXPL: 1CVE-2015-4000 – LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
https://notcve.org/view.php?id=CVE-2015-4000
21 May 2015 — The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT está habilitada en un servidor pero no en un cliente, no t... • https://github.com/fatlan/HAProxy-Keepalived-Sec-HighLoads • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 3CVE-2014-8146 – ICU library 52 < 54 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-8146
05 May 2015 — The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. La función resolveImplicitLevels en common/ubidi.c en la implementación Unicode Bidirectional Algorithm en ICU4C en International Comp... • https://www.exploit-db.com/exploits/43887 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 11%CPEs: 3EXPL: 3CVE-2014-8147 – ICU library 52 < 54 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-8147
05 May 2015 — The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. La función resolveImplicitLevels en common/ubidi.c en la implementación Unicode Bidirectional Algorithm en ICU4C en... • https://www.exploit-db.com/exploits/43887 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2015-3153 – Debian Security Advisory 3240-1
https://notcve.org/view.php?id=CVE-2015-3153
30 Apr 2015 — The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. La configuración por defecto para cURL y libcurl anterior a 7.42.1 envía cabeceras HTTP personalizadas tanto al servidor proxy como al de destinación, lo que podría permitir a servidores proxy remotos obtener información sensible mediante la lectura de los contenidos de cabeceras... • http://curl.haxx.se/docs/adv_20150429.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 10EXPL: 0CVE-2015-3414 – sqlite: use of uninitialized memory when parsing collation sequences in src/where.c
https://notcve.org/view.php?id=CVE-2015-3414
24 Apr 2015 — SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. SQLite anterior a 3.8.9 no implementa correctamente la descomillación de nombres de secuencias de colaciones, lo que permite a atacantes dependientes de conte... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-3415 – sqlite: invalid free() in src/vdbe.c
https://notcve.org/view.php?id=CVE-2015-3415
24 Apr 2015 — The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. La función sqlite3VdbeExec en vdbe.c en SQLite anterior a 3.8.9 no implementa correctamente los operadores de comparaciones, lo que permite a atacantes dependientes de contex... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-3416 – sqlite: stack buffer overflow in src/printf.c
https://notcve.org/view.php?id=CVE-2015-3416
24 Apr 2015 — The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. La función sqlite3VXPrintf en printf.c en SQLite anterior a 3.8.9 no maneja correctamente los valores de precisión y anchu... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 4%CPEs: 159EXPL: 0CVE-2015-3148 – curl: Negotiate not treated as connection-oriented
https://notcve.org/view.php?id=CVE-2015-3148
22 Apr 2015 — cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. cURL y libcurl 7.10.6 hasta la versión 7.41.0 no reutiliza adecuadamente la conexiones Negotiate autenticadas, lo que permite a atacantes remotos conectarse como otros usuarios a través de una solicitud. It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application... • http://advisories.mageia.org/MGASA-2015-0179.html • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 75%CPEs: 41EXPL: 1CVE-2015-3145 – Gentoo Linux Security Advisory 201509-02
https://notcve.org/view.php?id=CVE-2015-3145
22 Apr 2015 — The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. La función sanitize_cookie_path en cURL y libcurl 7.31.0 hasta 7.41.0 no calcula correctamente un indice, lo que permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango y ca... • https://github.com/serz999/CVE-2015-3145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •