Page 57 of 680 results (0.019 seconds)

CVSS: 4.0EPSS: 0%CPEs: 33EXPL: 0

CVE-2015-2648 – mysql: unspecified vulnerability related to Server:DML (CPU July 2015)

https://notcve.org/view.php?id=CVE-2015-2648

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3308 http://www.debian.org/security/2015/dsa-3311 http:// •

CVSS: 5.0EPSS: 2%CPEs: 17EXPL: 0

CVE-2015-1819 – libxml2: denial of service processing a crafted XML document

https://notcve.org/view.php?id=CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Vulnerabilidad en el xmlreader en libxml, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de datos XML manipulados, relacionada con un ataque XML Entity Expansión (XEE). A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html http://lists.opensuse.org/opensuse-updates/2015- • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 2%CPEs: 4EXPL: 0

CVE-2015-0848 – libwmf: heap overflow when decoding BMP images

https://notcve.org/view.php?id=CVE-2015-0848

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image. Desbordamiento de buffer basado en memoria dinámica en libwmf 0.2.8.4 permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una imagen BMP manipulada. It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) containing BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168507.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165547.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1917.html http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 6.8EPSS: 3%CPEs: 4EXPL: 1

CVE-2015-4588 – libwmf: heap overflow within the RLE decoding of embedded BMP images

https://notcve.org/view.php?id=CVE-2015-4588

Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file. Desbordamiento de buffer basado en memoria dinámica en la función DecodeImage en libwmf 0.2.8.4 permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una 'cuenta del longitud de realización' manipulada en una imagen en un fichero WMF. It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160668.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00051.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00053.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1917.html http://www.debian.org/security/2015/dsa-3302 http://www.openwall.com/lists/oss-security/2015/06/03/6 http://www.openwall.com/lists/oss-security/2015/06/16& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2015-2141

https://notcve.org/view.php?id=CVE-2015-2141

The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack. La función InvertibleRWFunction::CalculateInverse en rw.cpp en libcrypt++ 5.6.2 no ciega correctamente las operaciones de claves privadas para el algoritmo de la firma digital Rabin-Williams, lo que permite a atacantes remotos obtener claves privadas a través de un ataque de tiempos. • http://lists.opensuse.org/opensuse-updates/2015-07/msg00047.html http://sourceforge.net/p/cryptopp/code/542 http://www.debian.org/security/2015/dsa-3296 http://www.securityfocus.com/bid/75467 https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •