CVSS: 9.1EPSS: 0%CPEs: 30EXPL: 0CVE-2015-0840 – Ubuntu Security Notice USN-2566-1
https://notcve.org/view.php?id=CVE-2015-0840
09 Apr 2015 — The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). El comando dpkg-source en Debian dpkg anterior a 1.16.16 y 1.17.x anterior a 1.17.25 permite a atacantes remotos evadir verificación de firmas a través de un fichero de control de fuentes de Debian (.dsc) manipulado. Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a spec... • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 7%CPEs: 9EXPL: 0CVE-2015-2806 – libtasn1: stack overflow in asn1_der_decoding
https://notcve.org/view.php?id=CVE-2015-2806
07 Apr 2015 — Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. Desbordamiento de buffer basado en pila en asn1_der_decoding en libtasn1 anterior a 4.4 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos. A stack-based buffer overflow was found in the way libtasn1 decoded certain DER encoded data. An attacker could use this flaw to crash an application using the libtasn1 library. Libtas... • http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a4962790ecd0cce6fbba4a415ce149 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2015-1607 – Ubuntu Security Notice USN-2554-1
https://notcve.org/view.php?id=CVE-2015-1607
01 Apr 2015 — kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." El archivo kbx/keybox-search.c en GnuPG versiones anteriores a 1.4.19, versiones 2.0.x anteriores a 2.0.27 y versiones 2.1.x anteriores a 2.1.2, no maneja apropiadamente los cambios a la izquierda bit ... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 3%CPEs: 53EXPL: 0CVE-2015-2317 – Ubuntu Security Notice USN-2539-1
https://notcve.org/view.php?id=CVE-2015-2317
23 Mar 2015 — The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. La función utils.http.is_safe_url en Django anterior a 1.4.20, 1.5.x, 1.6.x anterior a 1.6.11, 1.7.x anterior a 1.7.7, y 1.8.x anterior a 1.8c1 no valida correctamente las URLs, lo que permite a ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 3%CPEs: 36EXPL: 0CVE-2015-2316 – Ubuntu Security Notice USN-2539-1
https://notcve.org/view.php?id=CVE-2015-2316
23 Mar 2015 — The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. La función utils.html.strip_tags en Django 1.6.x anterior a 1.6.11, 1.7.x anterior a 1.7.7, y 1.8.x anterior a 1.8c1, cuando utiliza ciertos versiones de Python, permite a atacantes remotos causar una denegación de servicio (bucle infinito) mediant... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 42%CPEs: 13EXPL: 1CVE-2015-2305 – regex: heap overflow in regcomp() on 32-bit architectures
https://notcve.org/view.php?id=CVE-2015-2305
19 Mar 2015 — Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. Desbordamiento de enteros en la implementación regcomp en la librería Henry Spencer BSD regex (también conocido como rxspencer) alpha3.8.g5 en las plataformas de 32 bits, utilizado en ... • http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 14%CPEs: 17EXPL: 2CVE-2015-2301 – php: use after free in phar_object.c
https://notcve.org/view.php?id=CVE-2015-2301
19 Mar 2015 — Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. Vulnerabilidad de uso después de liberación en la función phar_rename_archive en phar_object.c en PHP anterior a 5.5.22 y 5.6.x anterior a 5.6.6 permite a atacantes remotos causar una denegació... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=b2cf3f064b8f5efef89bb084521b61318c71781b • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2015-1802 – libXfont: missing range check in bdfReadProperties
https://notcve.org/view.php?id=CVE-2015-1802
18 Mar 2015 — The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. La función bdfReadProperties en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 permite a usuarios remotos autenticados causar una denegación de servicio (escritura y caída fuera de... • http://advisories.mageia.org/MGASA-2015-0113.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2015-1803 – libXfont: crash on invalid read in bdfReadCharacters
https://notcve.org/view.php?id=CVE-2015-1803
18 Mar 2015 — The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. La función bdfReadCharacters en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 no maneja adecuadamente caracteres bitmaps que no se pueden leer, lo... • http://advisories.mageia.org/MGASA-2015-0113.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 3%CPEs: 7EXPL: 0CVE-2015-1804 – libXfont: out-of-bounds memory access in bdfReadCharacters
https://notcve.org/view.php?id=CVE-2015-1804
18 Mar 2015 — The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. La función bdfReadCharacters en bitmap/bdfread.c en X.Org libXfont anterior a 1.4.9 y 1.5.x anterior a 1.5.1 no realiza adecuadamente la conversión de tipos para valores métricos, l... • http://advisories.mageia.org/MGASA-2015-0113.html • CWE-189: Numeric Errors CWE-805: Buffer Access with Incorrect Length Value •