CVSS: 7.5EPSS: 75%CPEs: 41EXPL: 1CVE-2015-3145 – Gentoo Linux Security Advisory 201509-02
https://notcve.org/view.php?id=CVE-2015-3145
22 Apr 2015 — The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. La función sanitize_cookie_path en cURL y libcurl 7.31.0 hasta 7.41.0 no calcula correctamente un indice, lo que permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango y ca... • https://github.com/serz999/CVE-2015-3145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 155EXPL: 0CVE-2015-3143 – curl: re-using authenticated connection when unauthenticated
https://notcve.org/view.php?id=CVE-2015-3143
22 Apr 2015 — cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. cURL y libcurl 7.10.6 hasta 7.41.0 no reutilizan correctamente las conexiones NTLM, lo que permite a atacantes remotos conectar como otros usuarios a través de una solicitud no autenticada, un problema similar a CVE-2014-0015. It was discovered that libcurl could incorrectly reuse NTLM-authenticated connect... • http://advisories.mageia.org/MGASA-2015-0179.html • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 3%CPEs: 58EXPL: 1CVE-2015-2783 – php: buffer over-read in Phar metadata parsing
https://notcve.org/view.php?id=CVE-2015-2783
20 Apr 2015 — ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. ext/phar/phar.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permite a atacantes remotos obte... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 6%CPEs: 61EXPL: 1CVE-2015-3330 – php: pipelined request executed in deinitialized interpreter under httpd 2.4
https://notcve.org/view.php?id=CVE-2015-3330
20 Apr 2015 — The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." La función php_handler en sapi/apache2handler/sapi_apache2.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8, cuando Apache HTTP S... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7 • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 45%CPEs: 67EXPL: 1CVE-2015-3329 – php: buffer overflow in phar_set_inode()
https://notcve.org/view.php?id=CVE-2015-3329
20 Apr 2015 — Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. Múltiples desbordamientos de buffer basado en pila en la función phar_set_inode en phar_internal.h en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permiten a atacantes remotos ejecutar código arbitrario a travé... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1138 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1138
09 Apr 2015 — Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. Hypervisor en Apple OS X anterior a 10.10.3 permite a usuarios locales causar una denegación de servicio a través de vectores no especificados. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1134 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1134
09 Apr 2015 — fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135. fontd en Apple Type Services (ATS) en Apple OS X anterior a 10.10.3 permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, y CVE-2015-1135. OS X Yosemite 10.10.3 and Security Update 201... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 9%CPEs: 3EXPL: 0CVE-2015-1102 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1102
09 Apr 2015 — The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors. El kernel en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 no maneja correctamente las cabeceras TCP, lo que permite a atacantes man-in-the-middle causar una denegación de servicio a través de vectores no especificados. OS X Yosemite 10.10.3 and Security ... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2015-1136 – Apple Security Advisory 2015-04-08-2
https://notcve.org/view.php?id=CVE-2015-1136
09 Apr 2015 — Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex. Vulnerabilidad de uso después de liberación en CoreAnimation en Apple OS X anterior a 10.10.3 permite a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento del uso indebido de un mutex. OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1118 – Apple Security Advisory 2015-04-08-3
https://notcve.org/view.php?id=CVE-2015-1118
09 Apr 2015 — libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile. libnetcore en Apple iOS anterior a 8.3, Apple OS X anterior a 10.10.3, y Apple TV anterior a 7.2 permite a atacantes causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un perfil de configuración manipulado. OS X Yosemite 10.10.3 and Security Update 2015-004 a... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html •