CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8805 – nettle: secp256 calculation bug
https://notcve.org/view.php?id=CVE-2015-8805
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. La función ecc_256_modq en ecc-256.c en Nettle en versiones anteriores a 3.2 no maneja correctamente la propagación de acarreo y produce una salida incorrecta en su implementación de la curva elíptica P-256 NIST, lo que permite a atacantes tener un impacto no especificado a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2015-8803. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00093.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00100.html http://rhn.redhat.com/errata/RHSA-2016-2582.html http://www.openwall.com/lists/oss-security/2016/02/02/2 http://www.openwall.com/lists/oss-security/2016/02/03/1 http://www.securityfocus.com/bid/84272 http://www.ubuntu.com/usn/USN-2897-1 https://blog.fuzzing-project.org&#x • CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7758
https://notcve.org/view.php?id=CVE-2015-7758
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. Gummi 0.6.5 permite a usuarios locales escribir en archivos arbitrarios a través de un ataque de enlace simbólico en un archivo temporal dot que usa el nombre de un archivo existente y la extensión (1) .aux, (2) .log, (3) .out, (4) .pdf o (5) .toc para el nombre de archivo, según lo demostrado por .thesis.tex.aux. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178582.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178642.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00117.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00150.html http://www.openwall.com/lists/oss-security/2015/10/08/4 http://www.openwall.com/lists/oss-security/2015/10/08/5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756432 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3462
https://notcve.org/view.php?id=CVE-2014-3462
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes". El archivo de configuración ".encfs6.xml" en encfs en versiones anteriores a la 1.7.5 permite que atacantes remotos accedan a datos confidenciales ajustando "blockMACBytes" a 0 y añadiendo un 8 a "blockMACRandBytes". • http://lists.opensuse.org/opensuse-updates/2017-01/msg00090.html http://www.openwall.com/lists/oss-security/2014/05/14/2 https://bugzilla.redhat.com/show_bug.cgi?id=1097537 https://security.gentoo.org/glsa/201512-09 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 8%CPEs: 23EXPL: 0CVE-2015-7545 – git: arbitrary code execution via crafted URLs
https://notcve.org/view.php?id=CVE-2015-7545
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. El (1) git-remote-ext y (2) otros programas de ayuda remotos no especificados en Git en versiones anteriores a 2.3.10, 2.4.x en versiones anteriores a 2.4.10, 2.5.x en versiones anteriores a 2.5.4 y 2.6.x en versiones anteriores a 2.6.1 no restringen correctamente los protocolos permitidos, lo que podría permitir a atacantes remotos ejecutar código arbitrario a través de una URL en un (a) archivo .gitmodules u (b) otras fuentes desconocidas en un submódulo. A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00066.html http://rhn.redhat.com/errata/RHSA-2015-2515.html http://www.debian.org/security/2016/dsa-3435 http://www.openwall.com/lists/oss-security/2015/12/08/5 http://www.openwall.com/lists/oss-security/2015/12/09/8 http://www.openwall.com/lists/oss-security/2015/12/11/7 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016&# • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 1CVE-2014-9756
https://notcve.org/view.php?id=CVE-2014-9756
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. La función psf_fwrite en file_io.c en libsndfile permite a atacantes causar una denegación de servicio (error de división por cero y caída de aplicación) a través de vectores no especificados relacionados con la variable headindex. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html http://www.openwall.com/lists/oss-security/2014/12/24/3 http://www.openwall.com/lists/oss-security/2015/11/03/9 http://www.ubuntu.com/usn/USN-2832-1 https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 https://github.com/erikd/libsndfile/issues/92 • CWE-369: Divide By Zero •