CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 1CVE-2015-5607
https://notcve.org/view.php?id=CVE-2015-5607
Cross-site request forgery in the REST API in IPython 2 and 3. Existe una vulnerabillidad de tipo Cross-Site Request Forgery (CSRF) en IPython 2 y 3. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html http://www.openwall.com/lists/oss-security/2015/07/21/3 https://bugzilla.redhat.com/show_bug.cgi?id=1243842 https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816 https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 2%CPEs: 4EXPL: 0CVE-2015-3420
https://notcve.org/view.php?id=CVE-2015-3420
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. La función ssl-proxy-openssl.c en Dovecot en versiones anteriores a la 2.2.17, cuando SSLv3 está deshabilitado, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado del proceso de inicio de sesión) mediante vectores relacionados con errores de negociación de protocolos. • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157030.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158236.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158261.html http://www.openwall.com/lists/oss-security/2015/04/27/1 http://www.openwall.com/lists/oss-security/2015/04/28/4 http://www.securityfocus.com/bid/74335 https://bugzilla.redhat.com/show_bug.cgi?id=1216057 https://dovecot.org/pipermail/dovecot-news/201 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5705
https://notcve.org/view.php?id=CVE-2015-5705
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. Una vulnerabilidad de inyección de argumentos en versiones anteriores a la 2.15.7 de devscripts permite a atacantes escribir en archivos arbitrarios utilizando un enlace simbólico y un nombre de archivo manipulados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html http://www.openwall.com/lists/oss-security/2015/08/01/7 https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260 https://bugzilla.redhat.com/show_bug.cgi?id=1249645 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-1783
https://notcve.org/view.php?id=CVE-2015-1783
The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors. La variable prefex en la función get_or_define_ns en Lasso anterior a 6d854cef4211cdcdbc7446c978f23ab859847cdd permite que atacantes remotos provoquen una denegación de servicio (acceso a memoria no inicializada y bloqueo de aplicación) mediante vectores sin especificar. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154321.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154355.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155382.html https://bugzilla.redhat.com/show_bug.cgi?id=1199925 https://repos.entrouvert.org/lasso.git/commit/lasso/xml?id=6d854cef4211cdcdbc7446c978f23ab859847cdd • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 2CVE-2015-6816
https://notcve.org/view.php?id=CVE-2015-6816
ganglia-web before 3.7.1 allows remote attackers to bypass authentication. ganglia-web en versiones anteriores a la 3.7.1 permite que atacantes remotos eludan la autenticación. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170362.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169641.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169788.html http://www.openwall.com/lists/oss-security/2015/09/05/6 http://www.securityfocus.com/bid/92146 https://bugzilla.redhat.com/show_bug.cgi?id=1260562 https://github.com/ganglia/ganglia-web/issues/267 https://www.freshports.org/sysutils/ganglia-webfronten • CWE-287: Improper Authentication •