Page 20 of 236 results (0.011 seconds)

CVSS: 9.3EPSS: 0%CPEs: 65EXPL: 0

CVE-2015-5165 – Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)

https://notcve.org/view.php?id=CVE-2015-5165

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Vulnerabilidad en la emulación de modo offload C+ en el modelo de tarjeta de red del dispositivo RTL8139 en QEMU, tal y como se utiliza en Xen 4.5.x y versiones anteriores, permite a atacantes remotos leer la memoria dinámica del proceso a través de vectores no especificados. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html http://rhn.redhat.com/errata/RHSA-2015-1674.html http://rhn.redhat.com/errata/RHSA-2015-1683.html http: • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •

CVSS: 8.8EPSS: 89%CPEs: 49EXPL: 2

CVE-2015-4495 – Mozilla Firefox Security Feature Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. Vulnerabilidad en el lector de PDF en Mozilla Firefox en versiones anteriores a 39.0.3, Firefox ESR 38.x en versiones anteriores a 38.1.1 y Firefox OS en versiones anteriores a 2.2, permite a atacantes remotos eludir la Same Origin Policy y leer archivos arbitrarios u obtener privilegios a través de vectores que implican código JavaScript manipulado y un setter nativo, tal como se explotó activamente en agosto de 2015. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer (PDF.js). An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files (including private SSH keys, the /etc/passwd file, and other potentially sensitive files) from the system running Firefox. Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. • https://www.exploit-db.com/exploits/37772 https://github.com/vincd/CVE-2015-4495 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security- •

CVSS: 4.0EPSS: 0%CPEs: 33EXPL: 0

CVE-2015-2643 – mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)

https://notcve.org/view.php?id=CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Optimizer. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3308 http://www.debian.org/security/2015/dsa-3311 http:// •

CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0

CVE-2015-4752 – mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)

https://notcve.org/view.php?id=CVE-2015-4752

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server : I_S. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3308 http://www.debian.org/security/2015/dsa-3311 http:// •

CVSS: 4.0EPSS: 0%CPEs: 31EXPL: 0

CVE-2015-4757 – mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)

https://notcve.org/view.php?id=CVE-2015-4757

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anteriores y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Optimizer. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3311 http://www.oracle.com/technetwork/topics/security/cpujul2015-236 •