CVSS: 9.8EPSS: 7%CPEs: 24EXPL: 0CVE-2015-8391 – pcre: inefficient posix character class syntax check (8.38/16)
https://notcve.org/view.php?id=CVE-2015-8391
02 Dec 2015 — The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. La función pcre_compile en pcre_compile.c en PCRE en versiones anteriores a 8.38 no maneja correctamente cierta anidación [: , lo que permite a atacantes remotos causar una denegación de servi... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2015-5006 – JDK: local disclosure of kerberos credentials cache
https://notcve.org/view.php?id=CVE-2015-5006
23 Nov 2015 — IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. IBM Java Security Components en IBM SDK, Java Technology Edition 8 en versiones anteriores a SR2, 7 R1 en versiones anteriores a SR3 FP20, 7 en versiones anteriores a SR9 FP20, 6 R1 en versiones anteriores a SR8 FP15 y 6 en versiones an... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0CVE-2015-3276 – openldap: incorrect multi-keyword mode cipherstring parsing
https://notcve.org/view.php?id=CVE-2015-3276
20 Nov 2015 — The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. La función nss_parse_ciphers en libraries/libldap/tls_m.c en OpenLDAP no analiza adecuadamente cadenas de cifrado en modo multiclave de estilo OpenSSL, lo que podría provocar el uso de un cifrado más débil que el previsto y permitir ... • http://rhn.redhat.com/errata/RHSA-2015-2131.html • CWE-682: Incorrect Calculation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-7837 – kernel: securelevel disabled after kexec
https://notcve.org/view.php?id=CVE-2015-7837
20 Nov 2015 — The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. El kernel de Linux, tal y como se emplea en Red Hat Enterprise Linux 7, kernel-rt y Enterprise MRG 2 y cuando se emplea con UEFI Secure Boot habilitado, permite que usuarios locales omitan las restricciones securelevel/secureboot... • http://rhn.redhat.com/errata/RHSA-2015-2152.html • CWE-254: 7PK - Security Features CWE-456: Missing Initialization of a Variable •
CVSS: 7.7EPSS: 4%CPEs: 62EXPL: 0CVE-2015-8126 – libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
https://notcve.org/view.php?id=CVE-2015-8126
13 Nov 2015 — Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Múltiples desbordamientos de buffer en las funciones (1) png_set_PLTE y (2) png_get_PLTE en libpng en ver... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2015-4836 – mysql: unspecified vulnerability related to Server:SP (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4836
21 Oct 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server : SP. MariaDB is a multi-user, multi-threaded SQL database server. For all ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html •
CVSS: 6.5EPSS: 0%CPEs: 34EXPL: 0CVE-2015-4858 – mysql: unspecified vulnerability related to Server:DML (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4858
21 Oct 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores relacionados con DML, una vulnerabilidad diferente a CVE-2015-4913. MariaDB is a m... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html •
CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0CVE-2015-4861 – mysql: unspecified vulnerability related to Server:InnoDB (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4861
21 Oct 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server : InnoDB. MariaDB is a multi-user, multi-threaded SQL database server. ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html •
CVSS: 8.6EPSS: 0%CPEs: 30EXPL: 0CVE-2015-4864 – mysql: unspecified vulnerability related to Server:Security:Privileges (CPU October 2015)
https://notcve.org/view.php?id=CVE-2015-4864
21 Oct 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y versiones anteriores y 5.6.24 y versiones anteriores permite a usuarios remotos autenticados afectar a la integridad a través de vectores desconocidos relacionados con Server : Security : Privileges. Multiple security issues were discovered ... • http://rhn.redhat.com/errata/RHSA-2015-1628.html •
CVSS: 6.5EPSS: 19%CPEs: 34EXPL: 4CVE-2015-4870 – MySQL 5.5.45 - procedure analyse Function Denial of Service
https://notcve.org/view.php?id=CVE-2015-4870
21 Oct 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.45 y versiones anteriores y 5.6.26 y versiones anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con Server : Parser. MariaDB is a multi-user, multi-threaded SQL database server. ... • https://packetstorm.news/files/id/137232 •