CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-0611 – mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0611
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Vulnerabilidad no especificada en Oracle MySQL 5.6.27 y versiones anteriores y 5.7.9 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Optimizer. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MyS... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0546 – mysql: unspecified vulnerability in subcomponent: Client (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0546
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impac... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0608 – mysql: unspecified vulnerability in subcomponent: Server: UDF (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0608
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores, 5.6.27 y versiones anteriores y 5.7.9 y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 permite a usuar... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •
CVSS: 8.1EPSS: 0%CPEs: 24EXPL: 0CVE-2016-0597 – mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0597
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores, 5.6.27 y versiones anteriores y 5.7.9 y MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10 p... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •
CVSS: 9.8EPSS: 0%CPEs: 42EXPL: 0CVE-2016-0610 – mysql: unspecified vulnerability in subcomponent: Server: InnoDB (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0610
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Vulnerabilidad no especificada en Oracle MySQL 5.6.27 y versiones anteriores y MariaDB en versiones anteriores a 10.0.22 y 10.1.x en versiones anteriores a 10.1.9 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores no conocidos relacionados con InnoDB. MariaDB is a ... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2016-0503 – mysql: unspecified vulnerability in subcomponent: Server: DML (CPU January 2016)
https://notcve.org/view.php?id=CVE-2016-0503
21 Jan 2016 — Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. Vulnerabilidad no especificada en Oracle MySQL 5.6.27 y versiones anteriores y 5.7.9 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores relacionados con DML, una vulnerabilidad diferente a CVE-2016-0504. Multiple security issues were discovered in MySQL and this update in... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •
CVSS: 9.8EPSS: 12%CPEs: 11EXPL: 1CVE-2015-8668 – libtiff: OOB read in bmp2tiff
https://notcve.org/view.php?id=CVE-2015-8668
28 Dec 2015 — Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. Desbordamiento de buffer basado en memoria dinámica en la función PackBitsPreEncode en tif_packbits.c en bmp2tiff en libtiff 4.0.6 y versiones anteriores permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio a través de un campo width... • http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 2%CPEs: 56EXPL: 1CVE-2015-3195 – OpenSSL: X509_ATTRIBUTE memory leak
https://notcve.org/view.php?id=CVE-2015-3195
03 Dec 2015 — The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.... • https://github.com/Trinadh465/OpenSSL-1_0_1g_CVE-2015-3195 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2014-8119 – netcf: augeas path expression injection via interface name
https://notcve.org/view.php?id=CVE-2014-8119
20 Nov 2015 — The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. La función find_ifcfg_path en netcf en versiones anteriores a la 0.2.7 podría permitir que atacantes provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante vectores que implican expresiones de ruta de augeas. A denial of service flaw was found in netcf. A specially crafted interface name could cause an application... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156571.html • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4862 – mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4862
21 Oct 2015 — Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.26 y versiones anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores relacionados con DML. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.46 in Ubun... • http://rhn.redhat.com/errata/RHSA-2016-0705.html •