CVSS: 9.8EPSS: 5%CPEs: 17EXPL: 0CVE-2015-7500 – libxml2: Heap buffer overflow in xmlParseMisc
https://notcve.org/view.php?id=CVE-2015-7500
07 Dec 2015 — The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. La función xmlParseMisc en parser.c en libxml2 en versiones anteriores a 2.9.3 permite a atacantes dependientes del contexto causar una denegación de servicio (lectura de memoria dinámica fuera de rango) a través de vectores no especificados relacionados con límites de entidades... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 16%CPEs: 64EXPL: 0CVE-2015-8327 – cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character
https://notcve.org/view.php?id=CVE-2015-8327
03 Dec 2015 — Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. Vulnerabilidad de lista negra incompleta en util.c en foomatic-rip en cups-filters 1.0.42 en versiones anteriores a 1.2.0 y en foomatic-filters en Foomatic 4.0.x permite a atacantes remotos ejecutar comandos arbitrarios a través de caracteres ` (acento grave) en un trabajo d... • http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 4CVE-2015-5273 – abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5273
23 Nov 2015 — The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. El programa de ayuda abrt-action-install-debuginfo-to-abrt-cache en Automatic Bug Reporting Tool (ABRT) en versiones anteriores a 2.7.1 permite a usuarios locales escribir archivos arbitrarios a través de un ataque de un enlace simbólico en unpacked.... • https://packetstorm.news/files/id/134581 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 7.8EPSS: 12%CPEs: 5EXPL: 8CVE-2015-5287 – ABRT sosreport Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5287
23 Nov 2015 — The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump. El programa de ayuda abrt-hook-ccpp en Automatic Bug Reporting Tool (ABRT) en versiones anteriores a 2.7.1 permite a usuarios locales con ciertos permisos obtener privilegios a través de un ataque de enlace simbólico en ... • https://packetstorm.news/files/id/154592 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-8241 – tigervnc: NULL pointer dereference flaw in XRegion
https://notcve.org/view.php?id=CVE-2014-8241
20 Nov 2015 — XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052. XRegion en TigerVNC permite a servidores VNC remotos provocar una denegación de servicio (referencia al puntero NULO) aprovechando un fallo en la comprobación de un valor de retorno malloc, un problema similar a CVE-2014-6052. A NULL pointer dereference flaw was found in TigerVNC's XRegion. A malicious VNC server could u... • http://seclists.org/oss-sec/2014/q4/278 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0CVE-2015-3276 – openldap: incorrect multi-keyword mode cipherstring parsing
https://notcve.org/view.php?id=CVE-2015-3276
20 Nov 2015 — The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. La función nss_parse_ciphers en libraries/libldap/tls_m.c en OpenLDAP no analiza adecuadamente cadenas de cifrado en modo multiclave de estilo OpenSSL, lo que podría provocar el uso de un cifrado más débil que el previsto y permitir ... • http://rhn.redhat.com/errata/RHSA-2015-2131.html • CWE-682: Incorrect Calculation •
CVSS: 5.5EPSS: 0%CPEs: 158EXPL: 1CVE-2015-7981 – libpng: Out-of-bounds read in png_convert_to_rfc1123
https://notcve.org/view.php?id=CVE-2015-7981
19 Nov 2015 — The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. La función png_convert_to_rfc1123 en png.c en libpng 1.0.x en versiones anteriores a 1.0.64, 1.2.x en versiones anteriores a 1.2.54 y 1.4.x en versiones anteriores a 1.4.17 permite a atacantes remotos obtener información sensible de la ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 11%CPEs: 25EXPL: 0CVE-2015-5194 – ntp: crash with crafted logconfig configuration command
https://notcve.org/view.php?id=CVE-2015-5194
27 Oct 2015 — The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. La función log_config_command en el archivo ntp_parser.y en ntpd en NTP anterior a versión 4.2.7p42, permite a los atacantes remotos causar una denegación de servicio (bloqueo de ntpd) por medio de comandos logconfig creados. It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig confi... • http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 10%CPEs: 18EXPL: 1CVE-2015-5195 – ntp: ntpd crash when processing config commands with statistics type
https://notcve.org/view.php?id=CVE-2015-5195
27 Oct 2015 — ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. ntp_openssl.m4 en ntpd en NTP anterior a 4.2.7p112, permite a los atacantes remotos causar una denegación de servicio (fallo de segmentación) por medio de un comando de configuración statistics o filegen creadas que no está habilitado durante la compilación. It was found that ntpd would exit ... • https://github.com/theglife214/CVE-2015-5195 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 3%CPEs: 33EXPL: 0CVE-2015-5219 – ntp: infinite loop in sntp processing crafted packet
https://notcve.org/view.php?id=CVE-2015-5219
27 Oct 2015 — The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. La función ULOGTOD en el archivo ntp.d en SNTP en versiones anteriores a la 4.2.7p366 no realiza apropiadamente las conversiones de tipo de un valor de precisión a uno doble, lo que permite a los atacantes remotos causar una denegación de servicio (bucle infinito) por medio de... • http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc • CWE-704: Incorrect Type Conversion or Cast CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •