CVSS: 6.4EPSS: 45%CPEs: 2EXPL: 2CVE-2016-3115 – OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
https://notcve.org/view.php?id=CVE-2016-3115
14 Mar 2016 — Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. Múltiples vulnerabilidades de inyección CRLF en session.c en sshd en OpenSSH en versiones anteriores a 7.2p2 permite a usuarios remotos autenticados eludir las restricciones de comandos de shell previstas a través del redireccionamiento de dat... • https://packetstorm.news/files/id/136234 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 3%CPEs: 33EXPL: 0CVE-2016-1950 – nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)
https://notcve.org/view.php?id=CVE-2016-1950
09 Mar 2016 — Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. El desbordamiento de buffer basado en memoria dinámica en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.3 y 3.20.x y 3.21.x en versiones anteriores a 3.21.1, tal y como se utiliza en Mozilla ... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2270 – Debian Security Advisory 3519-1
https://notcve.org/view.php?id=CVE-2016-2270
19 Feb 2016 — Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. Xen 4.6.x y versiones anteriores permite a administradores invitados locales provocar una denegación de servicio (reinicio de host) a través de vectores relacionados con múltiples mapeos de páginas MMIO con diferentes ajustes de cacheado. Multiple security issues have been found in the Xen virtualisation solution, which... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177990.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 1CVE-2015-8668 – libtiff: OOB read in bmp2tiff
https://notcve.org/view.php?id=CVE-2015-8668
28 Dec 2015 — Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. Desbordamiento de buffer basado en memoria dinámica en la función PackBitsPreEncode en tif_packbits.c en bmp2tiff en libtiff 4.0.6 y versiones anteriores permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio a través de un campo width... • http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 64%CPEs: 170EXPL: 0CVE-2015-8000 – bind: responses with a malformed class attribute can trigger an assertion failure in db.c
https://notcve.org/view.php?id=CVE-2015-8000
16 Dec 2015 — db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. db.c en named en ISC BIND 9.x en versiones anteriores a 9.9.8-P2 y 9.10.x en versiones anteriores a 9.10.3-P2 permite a atacantes remotos causar una denegación de servicio (falla de aserción REQUIRE y salida del demonio) a través de un atributo de clase mal formado. A denial of service flaw was found in the... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 2%CPEs: 56EXPL: 1CVE-2015-3195 – OpenSSL: X509_ATTRIBUTE memory leak
https://notcve.org/view.php?id=CVE-2015-3195
03 Dec 2015 — The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.... • https://github.com/Trinadh465/OpenSSL-1_0_1g_CVE-2015-3195 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 5%CPEs: 65EXPL: 0CVE-2015-3196 – OpenSSL: Race condition handling PSK identify hint
https://notcve.org/view.php?id=CVE-2015-3196
03 Dec 2015 — ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. ssl/s3_clnt.c en OpenSSL 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1p y 1.0.2 en versiones anteriores a 1.0.2d, cuando es utilizado por un cliente multi hi... • http://fortiguard.com/advisory/openssl-advisory-december-2015 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.9EPSS: 0%CPEs: 30EXPL: 1CVE-2015-2721 – NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71)
https://notcve.org/view.php?id=CVE-2015-2721
06 Jul 2015 — Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. Mozilla Network... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2015-2730 – NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)
https://notcve.org/view.php?id=CVE-2015-2730
06 Jul 2015 — Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors. Mozilla Network Security Services (NSS) anterior a 3.19.1, utilizado en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y otros pro... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0452
https://notcve.org/view.php?id=CVE-2015-0452
16 Apr 2015 — Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote attackers to affect confidentiality via unknown vectors related to Ldom Manager. Vulnerabilidad no especificada en el componente Oracle VM Server for SPARC en Oracle Sun Systems Products Suite 3.1 y 3.2 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Ldom Manager. • http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html •