CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2015-2157 – Debian Security Advisory 3190-1
https://notcve.org/view.php?id=CVE-2015-2157
16 Mar 2015 — The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. Las funciones (1) ssh2_load_userkey y (2) ssh2_save_userkey en PuTTY 0.51 hasta 0.63 no limpian correctamente las claves privadas SSH-2 de la memoria, lo que permite a usuarios remotos obtener información sensible mediante la lectura de la memoria. Patrick Coleman discovered that the Putty... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2015-2151 – xen: hypervisor memory corruption due to x86 emulator flaw (xsa123)
https://notcve.org/view.php?id=CVE-2015-2151
11 Mar 2015 — The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. El emulador x86 en Xen 3.2.x hasta 4.5.x no ignora correctamente las anulaciones de segmentos para instrucciones con operandos del registro, lo que permite a usuarios locales invitados obtener información sensible... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2015-2045 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2015-2045
11 Mar 2015 — The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. La hiperllamada HYPERVISOR_xen_version en Xen 3.2.x hasta 4.5.x ni inicializa correctamente las estructuras de datos, lo que permite a usuarios locales invitados obtener información sensible a través de vectores no especificados. Multiple vulnerabilities have been found in Xen, the worst of which can allow remote... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 0CVE-2015-1782 – libssh2: Using SSH_MSG_KEXINIT data unbounded
https://notcve.org/view.php?id=CVE-2015-1782
11 Mar 2015 — The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. La función kex_agree_methods en libssh2 anterior a 1.5.0 permite a servidores remotos causar una denegación de servicio (caída) o tener otro impacto sin especificar a través de valores de longitud modificados en un paquete SSH_MSG_KEXINIT. A flaw was found in the way the kex_agree_methods() function of libss... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151943.html • CWE-20: Improper Input Validation CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 8.8EPSS: 1%CPEs: 57EXPL: 0CVE-2015-2206 – Debian Security Advisory 3382-1
https://notcve.org/view.php?id=CVE-2015-2206
09 Mar 2015 — libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. libraries/select_lang.lib.php en phpMyAdmin 4.0.x anterior a 4.0.10.9, 4.2.x anterior a 4.2.13.2, y 4.3.x anterior a 4.3.11.1 incluye... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151331.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2014-9637 – Mandriva Linux Security Advisory 2015-138
https://notcve.org/view.php?id=CVE-2014-9637
02 Mar 2015 — GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. GNU parche 2.7.2 y anteriores permite que atacantes remotos provoquen una denegación de servicio (consumo de memoria y error de segmentación) mediante un archivo diff manipulado. Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the p... • http://advisories.mageia.org/MGASA-2015-0068.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 3%CPEs: 6EXPL: 0CVE-2015-1395 – Mandriva Linux Security Advisory 2015-138
https://notcve.org/view.php?id=CVE-2015-1395
02 Mar 2015 — Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. Una vulnerabilidad de salto de directorio en GNU en versiones de parche que soportan parcheo Git-style en versiones anteriores a la 2.7.3 permite que atacantes remotos escriban en archivos arbitrarios con los permisos del usuario objetivo mediante un ".." (dot dot) en el nombre... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 3%CPEs: 4EXPL: 0CVE-2015-0886
https://notcve.org/view.php?id=CVE-2015-0886
28 Feb 2015 — Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent. Desbordamiento de enteros en el método crypt_raw en la implementación del estiramiento de claves en jBCrypt anterior a 0.4 facilita a atacantes remotos determinar valores en texto claro de hashes de contraseñas a través de un ataque de fuerza bruta... • http://jvn.jp/en/jp/JVN77718330/index.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 5%CPEs: 9EXPL: 0CVE-2014-9679 – cups: cupsRasterReadPixels buffer overflow
https://notcve.org/view.php?id=CVE-2014-9679
19 Feb 2015 — Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. Desbordamiento de enteros en la función cupsRasterReadPixels en filter/raster.c en CUPS anterior a 2.0.2 permite a atacantes remotos tener un impacto no especificado a través de un fichero de raster comprimido malformado, lo que provoca un desbordamiento de buffer. An integer overflow flaw, ... • http://advisories.mageia.org/MGASA-2015-0067.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 29EXPL: 1CVE-2014-9465 – Mandriva Linux Security Advisory 2015-040
https://notcve.org/view.php?id=CVE-2014-9465
10 Feb 2015 — senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. senddocument.php en Zarafa WebApp anterior a 2.0 beta 3 y WebAccess en Zarafa Collaboration Platform (ZCP) 7.x anterior a 7.1.12 beta 1 y 7.2.x anterior a 7.2.0 beta 1 permite a atacantes remotos causar una denegación de servicio (consum... • http://advisories.mageia.org/MGASA-2015-0049.html • CWE-399: Resource Management Errors •