CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0CVE-2015-4792 – mysql: unspecified vulnerability related to Server:Partition (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4792
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server : Partition, una vulnerabilidad diferente a CVE-2015-4802. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http://rhn.redhat.com/errata/RHSA-2016-0705.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1481&# •
CVSS: 4.0EPSS: 0%CPEs: 34EXPL: 0CVE-2015-4802 – mysql: unspecified vulnerability related to Server:Partition (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4802
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server : Partition, una vulnerabilidad diferente a CVE-2015-4792. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http://rhn.redhat.com/errata/RHSA-2016-0705.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1481&# •
CVSS: 7.2EPSS: 0%CPEs: 24EXPL: 0CVE-2015-4819 – mysql: unspecified vulnerability related to Client programs (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4819
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.44 y versiones anteriores y 5.6.25 y versiones anteriores, permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con programas Client. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http://rhn.redhat.com/errata/RHSA-2016-1481.html http://www.debian.org/security/2015/dsa-3377 http://www.debian.org/security/2015/dsa-3385 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 1%CPEs: 11EXPL: 0CVE-2014-9751 – ntp: drop packets with source address ::1
https://notcve.org/view.php?id=CVE-2014-9751
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address. La función read_network_packet en ntp_io.c en ntpd en NTP 4.x en versiones anteriores a 4.2.8p1 en Linux y OS X no determina correctamente si una dirección IP fuente es una dirección IPv6 loopback, lo que facilita a atacantes remotos suplantar paquetes restringidos y leer o escribir en el estado runtime, aprovechando la habilidad para alcanzar la interfaz de red de la máquina ntpd con un paquete proveniente de la dirección ::1. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses. • http://bugs.ntp.org/show_bug.cgi?id=2672 http://rhn.redhat.com/errata/RHSA-2015-1459.html http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne http://www.debian.org/security/2015/dsa-3388 http://www.kb.cert.org/vuls/id/852879 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72584 https://bugzilla.redhat.com/show_bug.cgi?id=1184572 https://support.hpe.com/hpsc/doc/public&#x • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 1%CPEs: 9EXPL: 0CVE-2014-9750 – ntp: vallen in extension fields are not validated
https://notcve.org/view.php?id=CVE-2014-9750
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. ntp_crypto.c en ntpd en NTP 4.x en versiones anteriores a 4.2.8p1, cuando Autokey Authentication está habilitada, permite a atacantes remotos obtener información sensible de la memoria de proceso o causar una denegación de servicio (caída del demonio) a través de un paquete que contiene un campo extension con un valor no válido para la longitud de su campo de valor. A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash. • http://bugs.ntp.org/show_bug.cgi?id=2671 http://rhn.redhat.com/errata/RHSA-2015-1459.html http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne http://www.debian.org/security/2015/dsa-3388 http://www.kb.cert.org/vuls/id/852879 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72583 https://bugzilla.redhat.com/show_bug.cgi?id=1184573 https://support.hpe.com/hpsc/doc/public&#x • CWE-20: Improper Input Validation •