CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-0439
https://notcve.org/view.php?id=CVE-2015-0439
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.22 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : InnoDB, una vulnerabilidad diferente a CVE-2015-4756. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74085 http://www.securitytracker.com/id/1032121 https://security.gentoo.org/glsa/201507-19 •
CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2567
https://notcve.org/view.php?id=CVE-2015-2567
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.23 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Security : Privileges. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securitytracker.com/id/1032121 https://security.gentoo.org/glsa/201507-19 •
CVSS: 2.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2566
https://notcve.org/view.php?id=CVE-2015-2566
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.22 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con DML. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securitytracker.com/id/1032121 https://security.gentoo.org/glsa/201507-19 •
CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 2CVE-2014-8121 – glibc: Unexpected closing of nss_files databases after lookups causes denial of service
https://notcve.org/view.php?id=CVE-2014-8121
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. DB_LOOKUP en nss_files/files-XXX.c en Name Service Switch (NSS) en GNU C Library (también conocida como glibc o libc6) 2.21 y versiones anteriores no comprueba correctamente si un archivo está abierto, lo que permite a atacantes remotos causar una denegación de servicio (bucle infinito) realizando una búsqueda en una base de datos mientras itera sobre ella, lo que desencadena que el puntero al archivo sea reestablecido. It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://rhn.redhat.com/errata/RHSA-2015-0327.html http://www.debian.org/security/2016/dsa-3480 http://www.securityfocus.com/bid/73038 http://www.ubuntu.com/usn/USN-2985-1 http://www.ubuntu.com/usn/USN-2985-2 https://bugzilla.redhat.com/show_bug.cgi?id=1165192 https://security.gentoo.org/glsa/201602-02 https://sourcewa • CWE-17: DEPRECATED: Code CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 1CVE-2014-8134 – kernel: x86: espfix not working for 32-bit KVM paravirt guests
https://notcve.org/view.php?id=CVE-2014-8134
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. La función paravirt_ops_setup en arch/x86/kernel/kvm.c en el kernel de Linux hasta 3.18 utiliza una configuración paravirt_enabled indebida para los kernels KVM invitados, lo que facilita a usuarios invitados del sistema operativo evadir el mecanismo de protección ASLR a través de una aplicación manipulada que lee un valor de 16 bits. It was found that the espfix functionality does not work for 32-bit KVM paravirtualized guests. A local, unprivileged guest user could potentially use this flaw to leak kernel stack addresses. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8134.html http://rhn.redhat.com/errata/RHSA-2016-0855.html http://secunia.com/advisories/62336 http://www.oracle.com/technetwork/t •