
CVE-2015-5069
https://notcve.org/view.php?id=CVE-2015-5069
26 Sep 2017 — The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-5070
https://notcve.org/view.php?id=CVE-2015-5070
26 Sep 2017 — The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-5704
https://notcve.org/view.php?id=CVE-2015-5704
25 Sep 2017 — scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2015-5607 – Ubuntu Security Notice USN-5953-1
https://notcve.org/view.php?id=CVE-2015-5607
20 Sep 2017 — Cross-site request forgery in the REST API in IPython 2 and 3. It was discovered that IPython incorrectly processed REST API POST requests. An attacker could possibly use this issue to launch a cross-site request forgery attack and leak user's sensitive information. This issue only affected Ubuntu 14.04 ESM. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2015-3420
https://notcve.org/view.php?id=CVE-2015-3420
19 Sep 2017 — The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allows remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157030.html • CWE-295: Improper Certificate Validation

CVE-2015-1854 – 389-ds-base: access control bypass with modrdn
https://notcve.org/view.php?id=CVE-2015-1854
19 Sep 2017 — 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html • CWE-284: Improper Access Control • CWE-863: Incorrect Authorization

CVE-2015-5705
https://notcve.org/view.php?id=CVE-2015-5705
06 Sep 2017 — Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2015-1783
https://notcve.org/view.php?id=CVE-2015-1783
11 Aug 2017 — The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154321.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2015-6816
https://notcve.org/view.php?id=CVE-2015-6816
09 Aug 2017 — ganglia-web before 3.7.1 allows remote attackers to bypass authentication. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170362.html • CWE-287: Improper Authentication

CVE-2016-2173
https://notcve.org/view.php?id=CVE-2016-2173
21 Apr 2017 — org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. • https://github.com/HaToan/CVE-2016-2173 • CWE-20: Improper Input Validation