CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 0CVE-2015-1931 – JDK: plain text data stored in memory dumps
https://notcve.org/view.php?id=CVE-2015-1931
22 Jul 2015 — IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. IBM Java Security Components en IBM SDK, Java Technology Edition 8 versiones anteriores a SR1 FP10, 7 R1 anteriores a SR3 FP10, 7 anteriores a SR9 FP10, 6 R1 anteriores a SR8 FP7, 6 anteriores a SR16 ... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 62%CPEs: 19EXPL: 0CVE-2015-5123 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2015-5123
14 Jul 2015 — Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. Vulnerabili... • http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-in-adobe-flash-emerges-from-hacking-team-leak • CWE-416: Use After Free •
CVSS: 10.0EPSS: 92%CPEs: 25EXPL: 3CVE-2015-5122 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2015-5122
13 Jul 2015 — Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in... • https://packetstorm.news/files/id/132663 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 28EXPL: 0CVE-2015-2734 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
https://notcve.org/view.php?id=CVE-2015-2734
03 Jul 2015 — The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. La función CairoTextureClientD3D9::BorrowDrawTarget en la implementación Direct3D 9 en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 lee datos ... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-17: DEPRECATED: Code •
CVSS: 10.0EPSS: 1%CPEs: 28EXPL: 0CVE-2015-2737 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
https://notcve.org/view.php?id=CVE-2015-2737
03 Jul 2015 — The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. La función rx::d3d11::SetBufferData en la implementación Direct3D 11 en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 lee datos de localizaciones de memoria n... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-17: DEPRECATED: Code •
CVSS: 10.0EPSS: 1%CPEs: 28EXPL: 0CVE-2015-2738 – Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)
https://notcve.org/view.php?id=CVE-2015-2738
03 Jul 2015 — The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. La función YCbCrImageDataDeserializer::ToDataSourceSurface en la implementación YCbCr en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y Thunderbird anterior a 38.1 lee da... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html • CWE-17: DEPRECATED: Code •
CVSS: 10.0EPSS: 26%CPEs: 36EXPL: 0CVE-2015-3209 – qemu: pcnet: multi-tmd buffer overflow in the tx path
https://notcve.org/view.php?id=CVE-2015-3209
10 Jun 2015 — Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Desbordamiento de buffer basado en memoria dinámica en el controlador PCNET en QEMU permite a atacantes remotos ejecutar código arbitrario mediante el envío de un paquete con el juego TXSTATUS_STARTPACKET y posteriormente un paquete manipulado con el juego TXSTATUS_DEVICEOWNS. A flaw was found in... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2015-4106 – Ubuntu Security Notice USN-2630-1
https://notcve.org/view.php?id=CVE-2015-4106
03 Jun 2015 — QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. QEMU no restringe correctamente el acceso a escritura al espacio PCI config para ciertos dispositivos PCI pass-through, lo que podría permitir a invitados x86 HVM locales obtener privilegios, causar una denegación... • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 3%CPEs: 23EXPL: 2CVE-2014-9761 – glibc: Unbounded stack allocation in nan* functions
https://notcve.org/view.php?id=CVE-2014-9761
26 May 2015 — Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. Múltiples desbordamientos de buffer basado en pila en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes dependientes del contexto causar una denegación de servicio (caída de apl... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 6%CPEs: 24EXPL: 0CVE-2015-8776 – glibc: Segmentation fault caused by passing out-of-range data to strftime()
https://notcve.org/view.php?id=CVE-2015-8776
26 May 2015 — The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. La función strftime en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a atacantes dependientes del contexto causar una denegación de servicio (caída de aplicación) o posiblemente obtener información sensible a través de un valor de ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html • CWE-189: Numeric Errors •