CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 0CVE-2015-1931 – JDK: plain text data stored in memory dumps
https://notcve.org/view.php?id=CVE-2015-1931
22 Jul 2015 — IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. IBM Java Security Components en IBM SDK, Java Technology Edition 8 versiones anteriores a SR1 FP10, 7 R1 anteriores a SR3 FP10, 7 anteriores a SR9 FP10, 6 R1 anteriores a SR8 FP7, 6 anteriores a SR16 ... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2015-2648 – mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-2648
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL clie... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 8.8EPSS: 0%CPEs: 35EXPL: 0CVE-2015-4752 – mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-4752
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server : I_S. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found t... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 8.8EPSS: 0%CPEs: 31EXPL: 0CVE-2015-4757 – mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-4757
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anteriores y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Optimizer. MariaDB is a multi-user, multi-threaded SQL database server that is binary comp... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0CVE-2015-2582 – mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-2582
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Vulnerabilidad no especificada en Oracle MySQL Server versión 5.5.43 y anteriores y versión 5.6.24 y anteriores, permiten a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con los GIS. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was foun... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2015-2643 – mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-2643
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Optimizer. MariaDB is a multi-user, multi-threaded SQL database server that is binary comp... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-3149 – OpenJDK8: insecure hsperfdata temporary file handling, CVE-2015-0383 regression (Hotspot)
https://notcve.org/view.php?id=CVE-2015-3149
16 Jul 2015 — The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. El componente Hotspot en OpenJDK8, como empaquetado en Red Hat Enterprise Linux versión 6 y 7, permite a los usuarios locales escribir en archivos arbitrarios mediante un ataque de enlace simbólico. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in ... • http://rhn.redhat.com/errata/RHSA-2015-1228.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2015-3281 – haproxy: information leak in buffer_slow_realign()
https://notcve.org/view.php?id=CVE-2015-3281
06 Jul 2015 — The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. La función buffer_slow_realign en HAProxy 1.5.x anterior a 1.5.14 y 1.6-dev no realinea correctamente un buffer que es utilizado para datos salientes pendientes, lo que permite a atacantes remotos obtener información sensib... • http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 12%CPEs: 27EXPL: 1CVE-2015-4643 – php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022)
https://notcve.org/view.php?id=CVE-2015-4643
04 Jul 2015 — Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. Desbordamiento de entero en la función ftp_genlist en ext/ftp/ftp.c en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anter... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 9%CPEs: 39EXPL: 1CVE-2015-4599 – php: type confusion issue in unserialize() with various SOAP methods
https://notcve.org/view.php?id=CVE-2015-4599
23 Jun 2015 — The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue. El método SoapFault::__toString en ext/soap/soap.c en PHP en versiones anteriores a 5.4.40, 5.5.x en versiones anteriores a 5.5.24 y 5.6.x en versiones anteriores a 5.6.8 permite a atacante... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=51856a76f87ecb24fe1385342be43610fb6c86e4 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •