CVSS: 7.7EPSS: 0%CPEs: 10EXPL: 1CVE-2015-3456 – QEMU - Floppy Disk Controller (FDC) (PoC)
https://notcve.org/view.php?id=CVE-2015-3456
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. Floppy Disk Controller (FDC) en QEMU, utilizado en Xen 4.5.x y anteriores y KVM, permite a usuarios locales invitados causar una denegación de servicio (escritura fuera de rango y caída del invitado) o posiblemente ejecutar código arbitrario a través de (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, u otros comandos sin especificar, también conocido como VENOM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. • https://www.exploit-db.com/exploits/37053 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693 http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.3EPSS: 1%CPEs: 9EXPL: 2CVE-2015-2922 – kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.
https://notcve.org/view.php?id=CVE-2015-2922
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. La función ndisc_router_discovery en net/ipv6/ndisc.c en la implementación de protocolo Neighbor Discovery (ND) en la pila IPv6 en el kernel de Linux anterior a 3.19.6 permite a atacantes remotos reconfigurar una configuración 'hop-limit' a través de un valor hop_limit pequeño en un mensaje Router Advertisement (RA). It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http:&# • CWE-17: DEPRECATED: Code CWE-454: External Initialization of Trusted Variables or Data Stores •
CVSS: 4.0EPSS: 0%CPEs: 33EXPL: 0CVE-2015-0441 – mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-0441
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Security : Encryption. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3229 http://www.debian.org/security/2015/dsa-3311 http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securitytracker.com/id/103212 •
CVSS: 4.0EPSS: 0%CPEs: 34EXPL: 0CVE-2015-2573 – mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-2573
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DDL. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3229 http://www.debian.org/security/2015/dsa-3311 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/t •
CVSS: 4.0EPSS: 0%CPEs: 34EXPL: 0CVE-2015-0499 – mysql: unspecified vulnerability related to Server:Federated (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-0499
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anteriores, y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Federated. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3229 http://www.debian.org/security/2015/dsa-3311 http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 http://www.oracle.com/technetwork/topics/securi •