CVSS: 1.9EPSS: 0%CPEs: 4EXPL: 0CVE-2015-2152
https://notcve.org/view.php?id=CVE-2015-2152
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. Xen 4.5.x y anteriores capacita a ciertos backends por defecto cuando emula un dispositivo VGA para una gemu invitado de x86 HVM incluso cuando la configuración las descapacite, lo que permite a usuarios locales invitados obtener acceso a la consola VGA mediante (1) la configuración de la variable de entorno DISPLAY, cuando esté compilada con el soporte SDL, o la conexión al servidor VNC server en (2) ::1 o (3) 127.0.0.1, cuando no esté compilado con el soporte SDL. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://www.securityfocus.com/bid/73068 http://www.securitytracker.com/id/1031806 http://www.securitytracker.com/id/1031919 http://xenbits.xen.org/xsa/advisory-119.html https://security& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 19EXPL: 0CVE-2015-2157
https://notcve.org/view.php?id=CVE-2015-2157
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. Las funciones (1) ssh2_load_userkey y (2) ssh2_save_userkey en PuTTY 0.51 hasta 0.63 no limpian correctamente las claves privadas SSH-2 de la memoria, lo que permite a usuarios remotos obtener información sensible mediante la lectura de la memoria. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151839.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151933.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00032.html http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html http://www.debian.org/security/2015/dsa& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2015-0778
https://notcve.org/view.php?id=CVE-2015-0778
osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. osc anterior a 0.151.0 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en un archivo _service. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154257.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154267.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154117.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00012.html http://www.securityfocus.com/bid/73114 https://bugzilla.suse.com/show_bug.cgi?id=901643 https://security.gentoo.or • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1782 – libssh2: Using SSH_MSG_KEXINIT data unbounded
https://notcve.org/view.php?id=CVE-2015-1782
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. La función kex_agree_methods en libssh2 anterior a 1.5.0 permite a servidores remotos causar una denegación de servicio (caída) o tener otro impacto sin especificar a través de valores de longitud modificados en un paquete SSH_MSG_KEXINIT. A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151943.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152362.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153933.html http://www.debian.org/security/2015/dsa-3182 http://www.libssh2.org/adv_20150311.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:148 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid • CWE-20: Improper Input Validation CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 2.1EPSS: 0%CPEs: 38EXPL: 0CVE-2015-2045
https://notcve.org/view.php?id=CVE-2015-2045
The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. La hiperllamada HYPERVISOR_xen_version en Xen 3.2.x hasta 4.5.x ni inicializa correctamente las estructuras de datos, lo que permite a usuarios locales invitados obtener información sensible a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://support.citrix.com/article/CTX200484 http://www.debian.org/security/2015/dsa-3181 http://www.securityfocus.com/bid/72955 http://www.securitytracker.com/id/1031806 http://www. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •