CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0294 – gnutls: certificate algorithm consistency checking issue
https://notcve.org/view.php?id=CVE-2015-0294
16 Mar 2015 — GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. GnuTLS versiones anteriores a 3.3.13, no comprueba que los algoritmos de firma coincidan cuando se importa un certificado. It was discovered that GnuTLS did not check if all sections of X.509 certificates indicate the same signature algorithm. This flaw, in combination with a different flaw, could possibly lead to a bypass of the certificate signature check. The GnuTLS library provides support for crypto... • http://www.debian.org/security/2015/dsa-3191 • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 91%CPEs: 96EXPL: 3CVE-2015-0240 – Samba < 3.6.2 (x86) - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2015-0240
23 Feb 2015 — The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c. La implentación del servidor Netlogon en smbd en Samba 3.5.x y... • https://packetstorm.news/files/id/180975 • CWE-17: DEPRECATED: Code CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 5%CPEs: 6EXPL: 0CVE-2014-8157 – jasper: dec->numtiles off-by-one check in jpc_dec_process_sot() (oCERT-2015-001)
https://notcve.org/view.php?id=CVE-2014-8157
22 Jan 2015 — Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. Error de superación de límite (off-by-one) en la función jpc_dec_process_sot en JasPer 1.900.1 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una imagen JPEG 2000 mani... • http://advisories.mageia.org/MGASA-2015-0038.html • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 5%CPEs: 6EXPL: 0CVE-2014-8158 – jasper: unrestricted stack memory use in jpc_qmfb.c (oCERT-2015-001)
https://notcve.org/view.php?id=CVE-2014-8158
22 Jan 2015 — Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image. Múltiples desbordamientos de buffer basado en pila en jpc_qmfb.c en JasPer 1.900.1 y anteriores permiten a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una imagen JPEG 2000 manipulada. An unrestricted stack memory use flaw was found in... • http://advisories.mageia.org/MGASA-2015-0038.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 14%CPEs: 18EXPL: 0CVE-2014-6601 – OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
https://notcve.org/view.php?id=CVE-2014-6601
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores desconocidos relacionados con Hotspot. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted ... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2015-0383 – OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)
https://notcve.org/view.php?id=CVE-2015-0383
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25; Java SE Embedded 7u71 y 8u6; y JRockit R27.8.4 y R28.3.4 permite a usuarios locales afectar la integridad y la disponibilidad a través de vectores desconocidos relacionados con Hotspot. Multiple insecur... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 • CWE-377: Insecure Temporary File •
CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 0CVE-2015-0412 – OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
https://notcve.org/view.php?id=CVE-2015-0412
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. Vulnerabilidad no especificada en Oracle Java SE 6u85, 7u72, y 8u25 permite a usuarios remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores relacionados con JAX-WS. An improper permission check issue was discovered in the JAX-WS component in OpenJDK. An untrusted Java application or applet could use th... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0CVE-2015-0407 – OpenJDK: directory information leak via file chooser (Swing, 8055304)
https://notcve.org/view.php?id=CVE-2015-0407
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Swing. An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox ... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •
CVSS: 9.8EPSS: 24%CPEs: 20EXPL: 0CVE-2015-0395 – OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
https://notcve.org/view.php?id=CVE-2015-0395
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Hotspot. A flaw was found in the way the Hotspot garbage collector handled phantom references. An untr... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •
CVSS: 10.0EPSS: 9%CPEs: 20EXPL: 0CVE-2015-0408 – OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
https://notcve.org/view.php?id=CVE-2015-0408
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. Vulnerabilidad no especificada en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con RMI. An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •