CVE-2015-2151 – xen: hypervisor memory corruption due to x86 emulator flaw (xsa123)
https://notcve.org/view.php?id=CVE-2015-2151
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. It was found that the Xen hypervisor x86 CPU emulator implementation did not correctly handle certain instructions with segment overrides, potentially resulting in memory corruption. A malicious guest user could use this flaw to read arbitrary data relating to other guests, cause a denial of service on the host, or potentially escalate their privileges on the host.
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://support.citrix.com/article/CTX200484 http://www.debian.org/security/2015/dsa-3181 http://www.oracle.com/technetwork/
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-2206
https://notcve.org/view.php?id=CVE-2015-2206
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151331.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151914.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151931.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00008.html http://www.debian.org/security/2015/dsa-3382 http://www.mandriva.com/security/advisories?name=MDVSA-2015:186 http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php http://www.securityfoc
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8112 – 389-ds-base: password hashing bypassed when "nsslapd-unhashed-pw-switch" is set to off
https://notcve.org/view.php?id=CVE-2014-8112
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog. It was found that when the nsslapd-unhashed-pw-switch 389 Directory Server configuration option was set to "off", it did not prevent the writing of unhashed passwords into the Changelog. This could potentially allow an authenticated user able to access the Changelog to read sensitive information.
• http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html http://rhn.redhat.com/errata/RHSA-2015-0416.html https://bugzilla.redhat.com/show_bug.cgi?id=1172729 https://access.redhat.com/security/cve/CVE-2014-8112
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-522: Insufficiently Protected Credentials
CVE-2014-8105 – 389-ds-base: information disclosure through 'cn=changelog' subtree
https://notcve.org/view.php?id=CVE-2014-8105
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors. An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive information such as plain-text passwords.
• http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html http://rhn.redhat.com/errata/RHSA-2015-0416.html http://rhn.redhat.com/errata/RHSA-2015-0628.html https://access.redhat.com/security/cve/CVE-2014-8105 https://bugzilla.redhat.com/show_bug.cgi?id=1167858
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-0886
https://notcve.org/view.php?id=CVE-2015-0886
Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.
• http://jvn.jp/en/jp/JVN77718330/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000033 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151496.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151786.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151797.html http://www.mindrot.org/projects/jBCrypt/news/rel04.html https://bugzilla.mindrot.org/show_bug.cgi?id=2097 https://lists.apache.org/thread.html/rbd23e3ac8113b4da0a025c0e45170
• CWE-190: Integer Overflow or Wraparound