CVE-2015-2695
https://notcve.org/view.php?id=CVE-2015-2695
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. lib/gssapi/spnego/spnego_mech.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 confía en un manejo de contexto inapropiado, lo que permite a atacantes remotos provocar una denegación de servicio (lectura de puntero incorrecto y caída de proceso) a través de un paquete SPNEGO manipulado que no es manejado correctamente durante una llamada a gss_inquire_context. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html http://www.debian.org/security/2015/dsa-3395 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus& • CWE-763: Release of Invalid Pointer or Reference •
CVE-2015-4858 – mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4858
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores relacionados con DML, una vulnerabilidad diferente a CVE-2015-4913. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http://rhn.redhat.com/errata/RHSA-2016-0705.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1481 •
CVE-2015-4879 – mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4879
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.44 y versiones anteriores y 5.6.25 y versiones anteriores, permite a usuarios remotos autenticados afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con DML. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http://rhn.redhat.com/errata/RHSA-2016-1481.html http://www.debian.org/security/2015/dsa-3377 http://www.debian.org/security/2015/dsa-3385 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www •
CVE-2015-4864 – mysql: unspecified vulnerability related to Server:Security:Privileges (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4864
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y versiones anteriores y 5.6.24 y versiones anteriores permite a usuarios remotos autenticados afectar a la integridad a través de vectores desconocidos relacionados con Server : Security : Privileges. • http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securityfocus.com/bid/77187 http://www.securitytracker.com/id/1033894 http://www.ubuntu.com/usn/USN-2781-1 https://access.redhat.com/security/cve/CVE-2015-4864 https://bugzilla.redhat.com/show_bug.cgi?id=1274779 •
CVE-2015-4870 – MySQL 5.5.45 - procedure analyse Function Denial of Service
https://notcve.org/view.php?id=CVE-2015-4870
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server : Parser. • https://www.exploit-db.com/exploits/39867 https://github.com/OsandaMalith/CVE-2015-4870 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html http://rhn.redhat.com/errata& •