CVE-2015-1381
https://notcve.org/view.php?id=CVE-2015-1381
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
References:
• http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup
• http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html
• http://secunia.com/advisories/62775
• http://secunia.com/advisories/62899
• http://www.debian.org/security/2015/dsa-3145
• http://www.openwall.com/lists/oss-security/2015/01/26/4
• http://www.openwall.com/lists/oss-security/2015/01/27/20
CWE-399: Resource Management Errors

CVE-2015-1382
https://notcve.org/view.php?id=CVE-2015-1382
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
References:
• http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup
• http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html
• http://secunia.com/advisories/62775
• http://secunia.com/advisories/62899
• http://www.debian.org/security/2015/dsa-3145
• http://www.openwall.com/lists/oss-security/2015/01/26/4
• http://www.openwall.com/lists/oss-security/2015/01/27/20
CWE-20: Improper Input Validation

CVE-2015-0236 – libvirt: missing ACL check for the VIR_DOMAIN_XML_SECURE flag in save images and snapshots objects
https://notcve.org/view.php?id=CVE-2015-0236
libvirt before 1.2.12 allows remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file.
References:
• http://advisories.mageia.org/MGASA-2015-0046.html
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html
• http://rhn.redhat.com/errata/RHSA-2015-0323.html
• http://secunia.com/advisories/62766
• http://security.libvirt.org/2015/0001.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:035
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:070
• http://www.ubuntu.com/usn/USN-2867-1
• https://access.redhat.com/security/cve/CVE-2015-0236
• https://bugz
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-1419
https://notcve.org/view.php?id=CVE-2015-1419
Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
References:
• http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00023.html
• http://lists.opensuse.org/opensuse-updates/2015-01/msg00041.html
• http://secunia.com/advisories/62415

CVE-2014-8148
https://notcve.org/view.php?id=CVE-2014-8148
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.
References:
• http://lists.opensuse.org/opensuse-updates/2015-01/msg00051.html
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html
• http://www.openwall.com/lists/oss-security/2015/01/05/2
CWE-264: Permissions, Privileges, and Access Controls