CVSS: 7.5EPSS: 50%CPEs: 1EXPL: 0CVE-2015-0785 – Novell Zenworks com.novell.zenworks.inventory.rtr.actionclasses.wcreports Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-0785
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable. com.novell.zenworks.inventory.rtr.actionclasses.wcreports en ZENworks Configuration Management (ZCM) de Novell permite que usuarios remotos autenticados lean carpetas arbitrarias mediante la variable dirname. This vulnerability allows attackers to obtain sensitive information on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability. The specific flaw exists within com.novell.zenworks.inventory.rtr.actionclasses.wcreports. The issue lies in the failure to sanitize the path of the "dirname" variable. The attacker can leverage this to disclose the contents of folders on the system. • http://www.securityfocus.com/bid/74288 http://www.zerodayinitiative.com/advisories/ZDI-15-152 https://www.novell.com/support/kb/doc.php?id=7016431 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-0439
https://notcve.org/view.php?id=CVE-2015-0439
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.22 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : InnoDB, una vulnerabilidad diferente a CVE-2015-4756. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74085 http://www.securitytracker.com/id/1032121 https://security.gentoo.org/glsa/201507-19 •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-0438
https://notcve.org/view.php?id=CVE-2015-0438
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.22 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Partition. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securitytracker.com/id/1032121 https://security.gentoo.org/glsa/201507-19 •
CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2567
https://notcve.org/view.php?id=CVE-2015-2567
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.23 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Security : Privileges. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securitytracker.com/id/1032121 https://security.gentoo.org/glsa/201507-19 •
CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0CVE-2015-0423
https://notcve.org/view.php?id=CVE-2015-0423
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.22 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Optimizer. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securitytracker.com/id/1032121 https://security.gentoo.org/glsa/201507-19 •