CVSS: 4.0EPSS: 0%CPEs: 34EXPL: 0CVE-2015-2571 – mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-2571
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anteriores, y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Optimizer. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3229 http://www.debian.org/security/2015/dsa-3311 http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 http://www.oracle.com/technetwork/topics/securi •
CVSS: 5.0EPSS: 2%CPEs: 38EXPL: 0CVE-2015-2568 – mysql: unspecified vulnerability related to Server:Security:Privileges (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-2568
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Security : Privileges. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3229 http://www.debian.org/security/2015/dsa-3311 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/topic •
CVSS: 4.0EPSS: 0%CPEs: 38EXPL: 0CVE-2015-0433 – mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)
https://notcve.org/view.php?id=CVE-2015-0433
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con InnoDB : DML. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3229 http://www.debian.org/security/2015/dsa-3311 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/topic •
CVSS: 6.8EPSS: 2%CPEs: 40EXPL: 0CVE-2015-0797 – Mozilla: Buffer overflow parsing H.264 video with Linux Gstreamer (MFSA 2015-47)
https://notcve.org/view.php?id=CVE-2015-0797
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. GStreamer anterior a 1.4.5, utilizado en Mozilla Firefox anterior a 38.0, Firefox ESR 31.x anterior a 31.7, y Thunderbird anterior a 31.7 en Linux, permite a atacantes remotos causar una denegación de servicio (sobrelectura de buffer y caída de aplicación) o posiblemente ejecutar código arbitrario a través de datos de vídeo H.264 manipulados en un fichero m4v. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html http://rhn.redhat.com/errata/RHSA-2015-0988.html http://rhn.redhat.com/errata/RHSA-2015-1012.html http://www.debian.org/security/2015/dsa-3225 http://www.debian.org/security/2015/dsa-3260 http://www.debian.org/security/2015/dsa-3264 http://www.mozilla. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 160EXPL: 0CVE-2015-2808 – SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
https://notcve.org/view.php?id=CVE-2015-2808
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. El algoritmo RC4, utilizado en el protocolo TLS y el protocolo SSL, no combina correctamente los datos de estados con los datos de claves durante la fase de inicialización, lo que facilita a atacantes remotos realizar ataques de recuperación de texto claro contra los bytes iniciales de un flujo mediante la captura de trafico de la red que ocasionalmente depende de claves afectadas por la debilidad de la invariabilidad (Invariance Weakness), y posteriormente utilizar un acercamiento de fuerza bruta que involucra valores LSB, también conocido como el problema de 'Bar Mitzvah'. • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •