CVSS: 7.5EPSS: 58%CPEs: 32EXPL: 1CVE-2015-3194 – OpenSSL: Certificate verify crash with missing PSS parameter
https://notcve.org/view.php?id=CVE-2015-3194
03 Dec 2015 — crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. crypto/rsa/rsa_ameth.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de una firma RS... • https://github.com/Trinadh465/OpenSSL-1_0_1g_CVE-2015-3194 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2015-5380
https://notcve.org/view.php?id=CVE-2015-5380
09 Jul 2015 — The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence. La función de Utf8DecoderBase::WriteUtf16Slow en unicode.decoder.cc en Google V8, al igual que como se usa en ... • http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2015-0278 – Mandriva Linux Security Advisory 2015-228
https://notcve.org/view.php?id=CVE-2015-0278
06 May 2015 — libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. libuv anterior a 0.10.34 no cancela correctamente los privilegios de grupo, lo que permite a atacantes dependientes de contexto ganar privilegios a través de vectores no especificados. It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges. The libuv library is bundled with n... • http://advisories.mageia.org/MGASA-2015-0186.html • CWE-273: Improper Check for Dropped Privileges •