CVSS: 4.7EPSS: 0%CPEs: 42EXPL: 0CVE-2016-0642 – mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU April 2016)
https://notcve.org/view.php?id=CVE-2016-0642
21 Apr 2016 — Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. Vulnerabilidad no especificada en Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores permite a usuarios locales afectar a la integridad y disponibilidad a través de vectores relacionados con Federated. MariaDB is a multi-user, multi-threaded SQL database server.... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html •
CVSS: 5.5EPSS: 0%CPEs: 35EXPL: 0CVE-2016-0651 – mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU April 2016)
https://notcve.org/view.php?id=CVE-2016-0651
21 Apr 2016 — Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. Vulnerabilidad no especificada en Oracle MySQL 5.5.46 y versiones anteriores permite a usuarios locales afectar a la disponibilidad a través de vectores relacionados con Optimizer. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. MariaDB uses PCRE, a Perl-compatible regular expression library,... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html •
CVSS: 10.0EPSS: 85%CPEs: 81EXPL: 0CVE-2016-3427 – Oracle Java SE and JRockit Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2016-3427
20 Apr 2016 — Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Vulnerabilidad no especificada en Oracle Java SE 6u113, 7u99 y 8u77; Java SE Embedded 8u77; y JRockit R28.3.9 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JMX. It was discovered that the RMI server implementation in... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 48%CPEs: 228EXPL: 0CVE-2016-1285 – bind: malformed packet sent to rndc can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1285
09 Mar 2016 — named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 no maneja adecuadamente los archivos DNAME cuando analiza gramaticalmente l... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html • CWE-617: Reachable Assertion •
CVSS: 8.6EPSS: 74%CPEs: 228EXPL: 0CVE-2016-1286 – bind: malformed signature records for DNAME records can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1286
09 Mar 2016 — named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro de firma manipulado para un registro DNAME, ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html • CWE-617: Reachable Assertion •
CVSS: 4.9EPSS: 0%CPEs: 18EXPL: 4CVE-2016-2782 – Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor 'treo_attach' Nullpointer Dereference
https://notcve.org/view.php?id=CVE-2016-2782
09 Mar 2016 — The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. La función treo_attach en drivers/usb/serial/visor.c en el kernel de Linux en versiones anteriores a 4.5 permite a atacantes físicamente próximos causar una denegación de servicio (referencia ... • https://packetstorm.news/files/id/136142 • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 0CVE-2015-8816 – Debian Security Advisory 3503-1
https://notcve.org/view.php?id=CVE-2015-8816
04 Mar 2016 — The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. La función hub_activate en drivers/usb/core/hub.c en el Kernel de Linux en versiones anteriores a 4.3.5 no mantiene correctamente una estructura de datos hub-interface, lo que perm... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea •
CVSS: 8.1EPSS: 97%CPEs: 68EXPL: 18CVE-2015-7547 – glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2015-7547
16 Feb 2016 — Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. Múltiples desbordamientos de buffer basado en pi... • https://packetstorm.news/files/id/167552 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.7EPSS: 0%CPEs: 19EXPL: 0CVE-2015-8567 – Gentoo Linux Security Advisory 201602-01
https://notcve.org/view.php?id=CVE-2015-8567
03 Feb 2016 — Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). La pérdida de memoria en net/vmxnet3.c en QEMU permite a atacantes remotos provocar una denegación de servicio (consumo de memoria). Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.10. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176503.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.1EPSS: 1%CPEs: 14EXPL: 0CVE-2015-5041 – JDK: J9 JVM allows code to invoke non-public interface methods
https://notcve.org/view.php?id=CVE-2015-5041
02 Feb 2016 — The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. El JVM J9 en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP20, 6 R1 en versiones anteriores a SR8 FP20, 7 en versiones anteriores a SR9 FP30 y 7 R1 en versiones anteriores a SR3 FP30 permite a atacantes remotos obtener información sensible o in... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •