CVSS: 5.3EPSS: 1%CPEs: 6EXPL: 0CVE-2015-5146
https://notcve.org/view.php?id=CVE-2015-5146
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. ntpd en ntp en versiones anteriores a la 4.2.8p3 con la configuración remota habilitada permite que usuarios remotos autenticados que conozcan la contraseña de configuración y acceso a un ordenador asignado para realizar configuraciones remotas provoquen una denegación de servicio (bloque de servicio) mediante un byte NULL en una directiva de paquete de configuración manipulada. • http://bugs.ntp.org/show_bug.cgi?id=2853 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu http://www.debian.org/security/2015/dsa-3388 http://www.securityfocus.com/bid/75589 http://www.securitytracker.com/ • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 2%CPEs: 17EXPL: 0CVE-2015-1819 – libxml2: denial of service processing a crafted XML document
https://notcve.org/view.php?id=CVE-2015-1819
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Vulnerabilidad en el xmlreader en libxml, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de datos XML manipulados, relacionada con un ataque XML Entity Expansión (XEE). A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html http://lists.opensuse.org/opensuse-updates/2015- • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-4454
https://notcve.org/view.php?id=CVE-2015-4454
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. Vulnerabilidad de inyección SQL en la función get_hash_graph_template en lib/functions.php en Cacti anterior a 0.8.8d permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro graph_template_id en graph_templates.php. • http://bugs.cacti.net/view.php?id=2572 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183449.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183454.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183919.html http://www.cacti.net/release_notes_0_8_8d.php http://www.debian.org/security/2015/dsa-3295 http://www.securityfocus.com/bid/75270 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-2665
https://notcve.org/view.php?id=CVE-2015-2665
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Cacti anterior a 0.8.8d permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183449.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183454.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183919.html http://www.cacti.net/release_notes_0_8_8d.php http://www.debian.org/security/2015/dsa-3295 http://www.fortiguard.com/advisory/FG-VD-15-017 http://www.securityfocus.com/bid/75309 http://www.securitytracker.com/id/1032672 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 7%CPEs: 36EXPL: 0CVE-2015-3209 – qemu: pcnet: multi-tmd buffer overflow in the tx path
https://notcve.org/view.php?id=CVE-2015-3209
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Desbordamiento de buffer basado en memoria dinámica en el controlador PCNET en QEMU permite a atacantes remotos ejecutar código arbitrario mediante el envío de un paquete con el juego TXSTATUS_STARTPACKET y posteriormente un paquete manipulado con el juego TXSTATUS_DEVICEOWNS. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-06&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •