CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0CVE-2015-2582 – mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-2582
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Vulnerabilidad no especificada en Oracle MySQL Server versión 5.5.43 y anteriores y versión 5.6.24 y anteriores, permiten a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con los GIS. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was foun... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2015-2643 – mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-2643
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Optimizer. MariaDB is a multi-user, multi-threaded SQL database server that is binary comp... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2015-2648 – mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-2648
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL clie... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 8.8EPSS: 0%CPEs: 35EXPL: 0CVE-2015-4752 – mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-4752
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server : I_S. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found t... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 8.8EPSS: 0%CPEs: 31EXPL: 0CVE-2015-4757 – mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-4757
16 Jul 2015 — Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.42 y anteriores y 5.6.23 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Optimizer. MariaDB is a multi-user, multi-threaded SQL database server that is binary comp... • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-3149 – OpenJDK8: insecure hsperfdata temporary file handling, CVE-2015-0383 regression (Hotspot)
https://notcve.org/view.php?id=CVE-2015-3149
16 Jul 2015 — The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. El componente Hotspot en OpenJDK8, como empaquetado en Red Hat Enterprise Linux versión 6 y 7, permite a los usuarios locales escribir en archivos arbitrarios mediante un ataque de enlace simbólico. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in ... • http://rhn.redhat.com/errata/RHSA-2015-1228.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 9.8EPSS: 12%CPEs: 27EXPL: 1CVE-2015-4643 – php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022)
https://notcve.org/view.php?id=CVE-2015-4643
07 Jul 2015 — Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. Desbordamiento de entero en la función ftp_genlist en ext/ftp/ftp.c en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anter... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2015-3281 – haproxy: information leak in buffer_slow_realign()
https://notcve.org/view.php?id=CVE-2015-3281
06 Jul 2015 — The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. La función buffer_slow_realign en HAProxy 1.5.x anterior a 1.5.14 y 1.6-dev no realinea correctamente un buffer que es utilizado para datos salientes pendientes, lo que permite a atacantes remotos obtener información sensib... • http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 41EXPL: 1CVE-2015-3411 – php: missing null byte checks for paths in various PHP extensions
https://notcve.org/view.php?id=CVE-2015-3411
23 Jun 2015 — PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. PHP en versiones... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=4435b9142ff9813845d5c97ab29a5d637bedb257 • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 5.3EPSS: 0%CPEs: 41EXPL: 1CVE-2015-3412 – php: missing null byte checks for paths in various PHP extensions
https://notcve.org/view.php?id=CVE-2015-3412
23 Jun 2015 — PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. PHP en versiones anteriores a 5.5.40, 5.5.x en versiones an... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=4435b9142ff9813845d5c97ab29a5d637bedb257 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features CWE-626: Null Byte Interaction Error (Poison Null Byte) •