CVSS: 9.1EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0832 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0832
25 Feb 2015 — Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character. Mozilla Firefox anterior a 36.0 no reconoce correctamente la equivalencia de los nombres de dominios con y sin un caracter . (punto) final, lo que permite a atacant... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-254: 7PK - Security Features •
CVSS: 7.4EPSS: 0%CPEs: 237EXPL: 0CVE-2015-0834 – Ubuntu Security Notice USN-2505-2
https://notcve.org/view.php?id=CVE-2015-0834
25 Feb 2015 — The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window. El subsistema WebRTC en Mozilla Firefox anterior a 36.0 reconoce las URIs turns: y stuns: pero accede al servidor TURN o STUN sin utilizar TLS, lo que facilita a atacantes man-in-the-middle descubrir credenc... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 1CVE-2013-7423 – glibc: getaddrinfo() writes DNS queries to random file descriptors under high load
https://notcve.org/view.php?id=CVE-2013-7423
24 Feb 2015 — The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. La función send_dg en resolv/res_send.c en GNU C Library (también conocido como glibc o libc6) en versiones anteriores a 2.20 no reutiliza adecuadamente descriptores de fichero, lo que permite a atacantes remotos mandar cons... • https://packetstorm.news/files/id/164014 • CWE-17: DEPRECATED: Code CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.8EPSS: 3%CPEs: 7EXPL: 3CVE-2014-9402 – glibc: denial of service in getnetbyname function
https://notcve.org/view.php?id=CVE-2014-9402
24 Feb 2015 — The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. La implementación nss_dns de getnetbyname en GNU C Library (también conocido como glibc) anterior a 2.21, cuando el backend DNS en la configuración Name Service Switch está habilitado, permite a atacantes remotos cau... • https://packetstorm.news/files/id/154361 • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 2CVE-2015-1472 – glibc: heap buffer overflow in glibc swscanf
https://notcve.org/view.php?id=CVE-2015-1472
24 Feb 2015 — The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. El macro ADDW en stdio-common/vfscanf.c en la libraría GNU C (también conocida como glibc o libc6) anterior a 2.21 no considera co... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1473 – glibc: Stack-overflow in glibc swscanf
https://notcve.org/view.php?id=CVE-2015-1473
24 Feb 2015 — The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. El macro ADDW en stdio-common/vfscanf.c en la libraría GNU C (ta... • http://openwall.com/lists/oss-security/2015/02/04/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 249EXPL: 0CVE-2015-0831 – Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)
https://notcve.org/view.php?id=CVE-2015-0831
24 Feb 2015 — Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. Vulnerabilidad de uso después de liberación en la función mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex en Mozilla Firefox anterior a... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 91%CPEs: 96EXPL: 3CVE-2015-0240 – Samba < 3.6.2 (x86) - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2015-0240
23 Feb 2015 — The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. La implentación del servidor Netlogon en smbd en Samba 3.5.x y... • https://packetstorm.news/files/id/180975 • CWE-17: DEPRECATED: Code CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1572 – Debian Security Advisory 3166-1
https://notcve.org/view.php?id=CVE-2015-1572
23 Feb 2015 — Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247. Desbordamiento de buffer basado en memoria dinámica en closefs.c en la libraría libext2fs en e2fsprogs anterior a 1.42.12 permite a usuarios locales ejecutar código arbitrario al causar que un descriptor manipulado de grupos en... • http://advisories.mageia.org/MGASA-2015-0088.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 9EXPL: 0CVE-2014-9679 – cups: cupsRasterReadPixels buffer overflow
https://notcve.org/view.php?id=CVE-2014-9679
19 Feb 2015 — Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. Desbordamiento de enteros en la función cupsRasterReadPixels en filter/raster.c en CUPS anterior a 2.0.2 permite a atacantes remotos tener un impacto no especificado a través de un fichero de raster comprimido malformado, lo que provoca un desbordamiento de buffer. An integer overflow flaw, ... • http://advisories.mageia.org/MGASA-2015-0067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •