CVE-2015-4802 – mysql: unspecified vulnerability related to Server:Partition (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4802
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server : Partition, una vulnerabilidad diferente a CVE-2015-4792. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http://rhn.redhat.com/errata/RHSA-2016-0705.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1481 •
CVE-2015-4826 – mysql: unspecified vulnerability related to Server:Types (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4826
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores permite a usuarios remotos autenticados afectar a la confidencialidad a través de vectores desconocidos relacionados con Server : Types. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http://rhn.redhat.com/errata/RHSA-2016-0705.html http://rhn.redhat.com/errata/RHSA-2016-1480.html http://rhn.redhat.com/errata/RHSA-2016-1481 •
CVE-2015-7704 – ntp: disabling synchronization via crafted KoD packet
https://notcve.org/view.php?id=CVE-2015-7704
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. El cliente ntpd en NTP 4.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegación de servicio empleando una serie de mensajes "KOD" manipulados. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server. • http://bugs.ntp.org/show_bug.cgi?id=2901 http://rhn.redhat.com/errata/RHSA-2015-1930.html http://rhn.redhat.com/errata/RHSA-2015-2520.html http://support.ntp.org/bin/view/Main/NtpBug2901 http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit http://www.debian.org/security/2015/dsa-3388 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/77280 http://www.securitytracker.com/id/1 • CWE-20: Improper Input Validation •
CVE-2015-5260 – spice: insufficient validation of surface_id parameter can cause crash
https://notcve.org/view.php?id=CVE-2015-5260
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter. Desbordamiento de buffer basado en memoria dinámica en SPICE en versiones anteriores a 0.12.6 permite a usuarios invitados del SO provocar una denegación de servicio (corrupción basada en memoria dinámica y caída de QEMu-KVM) o posiblemente ejecutar código arbitrario en el anfitrión a través de comandos QXL relacionados con el parámetro surface_id . A heap-based buffer overflow flaw was found in the way spice handled certain QXL commands related to the "surface_id" parameter. A user in a guest could use this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. • http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html http://rhn.redhat.com/errata/RHSA-2015-1889.html http://rhn.redhat.com/errata/RHSA-2015-1890.html http://www.debian.org/security/2015/dsa-3371 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77019 http://www.securitytracker.com/id/1033753 http://www.ubuntu.com/usn/USN-2766-1 https://bugzilla.redhat.com/show_bug.cgi?id=1260822 https: • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-5261 – spice: host memory access from guest using crafted images
https://notcve.org/view.php?id=CVE-2015-5261
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. Desbordamiento de buffer basado en memoria dinámica en SPICE en versiones anteriores a 0.12.6 permite a usuarios invitados del SO leer y escribir en localizaciones de memoria arbitrarias en el anfitrión a través de comandos QXL de invitado relacionados con la creación de superficie. A heap-based buffer overflow flaw was found in the way SPICE handled certain guest QXL commands related to surface creation. A user in a guest could use this flaw to read and write arbitrary memory locations on the host. • http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html http://rhn.redhat.com/errata/RHSA-2015-1889.html http://rhn.redhat.com/errata/RHSA-2015-1890.html http://www.debian.org/security/2015/dsa-3371 http://www.openwall.com/lists/oss-security/2015/10/06/4 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securitytracker.com/id/1033753 http://www.ubuntu.com/usn/USN-2766-1 https://bugzilla.redhat.com/show_bug • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •