CVE-2015-1779 – qemu: vnc: insufficient resource limiting in VNC websockets decoder
https://notcve.org/view.php?id=CVE-2015-1779
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
It was found that QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html
• http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html
• http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html
• http://rhn.redhat.com/errata/RHSA-2015-1931.html
• http://rhn.redhat.com/errata/RHSA-2015-1943.html
• http://www.debian.org/security/2015/dsa-3259
• http://www.openwall.com/lists/oss-secu
• CWE-400: Uncontrolled Resource Consumption
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2015-3330 – php: pipelined request executed in deinitialized interpreter under httpd 2.4
https://notcve.org/view.php?id=CVE-2015-3330
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."
A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code.
• http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7
• http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
• http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
• http://openwall.com/lists/oss-security/2015/04/17/7
• http://php.net/ChangeLog-5.php
• http://rhn.redhat.com
• CWE-20: Improper Input Validation
• CWE-665: Improper Initialization
CVE-2015-3329 – php: buffer overflow in phar_set_inode()
https://notcve.org/view.php?id=CVE-2015-3329
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened.
• http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c
• http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
• http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html
• http://php.net/ChangeLog-5.php
• http://rhn.redhat.com/errata/RHSA-2015-1066.html
• http://rhn.redhat.com/errata&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-121: Stack-based Buffer Overflow
CVE-2015-2189 – wireshark: The pcapng file parser could crash (wnpa-sec-2015-08)
https://notcve.org/view.php?id=CVE-2015-2189
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.
• http://advisories.mageia.org/MGASA-2015-0117.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html
• http://rhn.redhat.com/errata/RHSA-2015-1460.html
• http://www.debian.org/security/2015/dsa-3210
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:183
• http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.securityfocus.com/bid/72944
• http://www.securitytra
• CWE-189: Numeric Errors
• CWE-193: Off-by-one Error
CVE-2015-2188 – wireshark: The WCP dissector could crash while decompressing data (wnpa-sec-2015-07)
https://notcve.org/view.php?id=CVE-2015-2188
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.
• http://advisories.mageia.org/MGASA-2015-0117.html
• http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html
• http://www.debian.org/security/2015/dsa-3210
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:183
• http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.securityfocus.com/bid/72942
• http://www.securitytracker.com/id/1031858
• http://www.wireshark.org/securit
• CWE-19: Data Processing Errors
• CWE-125: Out-of-bounds Read