CVSS: 5.8EPSS: 89%CPEs: 84EXPL: 2CVE-2016-3715 – ImageMagick Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2016-3715
05 May 2016 — The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. El codificador EPHEMERAL en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permite a atacantes remotos eliminar archivos arbitrarios a través de una imagen manipulada. It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted... • https://www.exploit-db.com/exploits/39767 • CWE-20: Improper Input Validation CWE-552: Files or Directories Accessible to External Parties •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2016-0693
https://notcve.org/view.php?id=CVE-2016-0693
21 Apr 2016 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con el módulo PAM LDAP. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3419
https://notcve.org/view.php?id=CVE-2016-3419
21 Apr 2016 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a usuarios locales afectar a la disponibilidad a través de vectores relacionados con Filesystem. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3441
https://notcve.org/view.php?id=CVE-2016-3441
21 Apr 2016 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.3 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con Filesystem. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html •
CVSS: 5.3EPSS: 0%CPEs: 32EXPL: 0CVE-2015-8629 – krb5: xdr_nullstring() doesn't check for terminating null character
https://notcve.org/view.php?id=CVE-2015-8629
05 Feb 2016 — The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string. La función xdr_nullstring en lib/kadm5/kadm_rpc_xdr.c en kadmind in MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.13.4 y 1.14.x en versiones anterio... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8341 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0535
https://notcve.org/view.php?id=CVE-2016-0535
21 Jan 2016 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to RPC. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11 permite a atacantes remotos afectar a la disponibilidad a través de vectores relacionados con RPC. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 7.5EPSS: 54%CPEs: 170EXPL: 0CVE-2015-8000 – bind: responses with a malformed class attribute can trigger an assertion failure in db.c
https://notcve.org/view.php?id=CVE-2015-8000
16 Dec 2015 — db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. db.c en named en ISC BIND 9.x en versiones anteriores a 9.9.8-P2 y 9.10.x en versiones anteriores a 9.10.3-P2 permite a atacantes remotos causar una denegación de servicio (falla de aserción REQUIRE y salida del demonio) a través de un atributo de clase mal formado. A denial of service flaw was found in the... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 2%CPEs: 56EXPL: 1CVE-2015-3195 – OpenSSL: X509_ATTRIBUTE memory leak
https://notcve.org/view.php?id=CVE-2015-3195
03 Dec 2015 — The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.... • https://github.com/Trinadh465/OpenSSL-1_0_1g_CVE-2015-3195 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4869
https://notcve.org/view.php?id=CVE-2015-4869
21 Oct 2015 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.2 permite a usuarios locales afectar a la disponibilidad a través de vectores desconocidos relacionados con el Kernel. • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2642
https://notcve.org/view.php?id=CVE-2015-2642
21 Oct 2015 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.2 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Gzip. • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html •