CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2015-5234 – icedtea-web: unexpected permanent authorization of unsigned applets
https://notcve.org/view.php?id=CVE-2015-5234
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks. IcedTea-Web en versiones anteriores a 1.5.3 y 1.6.x anterior a 1.6.1 no limpia correctamente URLs de applet, lo que permite a atacantes remotos inyectar applets en el archivo de configuración .appletTrustSettings y eludir la aprobación del usuario para ejecutar la applet a través de una página web manipulada, probablemente relacionada con el salto de línea. It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user approval. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167120.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167130.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2015-September/033546.html http://rhn.redhat.com/errata/RHSA-2016-0778.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securitytracker.com/id/1033780 http://w • CWE-20: Improper Input Validation CWE-138: Improper Neutralization of Special Elements •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 2CVE-2015-5957
https://notcve.org/view.php?id=CVE-2015-5957
Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name. Desbordamiento de buffer en la función DumpSysVar en var.c en Remind en versiones anteriores a 3.1.15, permite a atacantes tener un impacto no especificado a través de un nombre largo. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00025.html http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html http://www.openwall.com/lists/oss-security/2015/07/29/2 http://www.openwall.com/lists/oss-security/2015/08/07/1 http://www.securityfocus.com/bid/76099 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 2%CPEs: 4EXPL: 1CVE-2015-5185
https://notcve.org/view.php?id=CVE-2015-5185
The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet. Vulnerabilidad en la función lookupProviders en providerMgr.c en sblim-sfcb 1.3.4 y 1.3.18, permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de la aplicación) a través de un className vacío en un paquete. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172634.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172659.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172667.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html http://www.openwall.com/lists/oss-security/2015/08/21/2 http://www.securityfocus.com/bid/91212 •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 2CVE-2015-6938
https://notcve.org/view.php?id=CVE-2015-6938
Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate. Vulnerabilidad de XSS en el buscador de archivos en notebook/notebookapp.py en IPython Notebook en versiones anteriores a 3.2.2 y Jupyter Notebook 4.0.x en versiones anteriores a 4.0.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del nombre de una carpeta. NOTA: esta vulnerabilidad fue inicialmente reportada como (CSRF), pero esto puede ser incorrecto. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166460.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166471.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00016.html http://seclists.org/oss-sec/2015/q3/474 http://seclists.org/oss-sec/2015/q3/544 https://bugzilla.redhat.com/show_bug.cgi?id=1259405 https://github.com/ipython/ipython/commit/3a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 6%CPEs: 7EXPL: 0CVE-2014-9745
https://notcve.org/view.php?id=CVE-2014-9745
The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage. Vulnerabilidad en la función parse_encoding en type1/t1load.c en FreeType en versiones anteriores a 2.5.3, permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un 'broken number-with-base' en un stream Postscript, según lo demostrado por 8#garbage. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75 http://lists.opensuse.org/opensuse-updates/2015-10/msg00017.html http://savannah.nongnu.org/bugs/index.php?41590 http://www.debian.org/security/2015/dsa-3370 http://www.securityfocus.com/bid/76727 http://www.securitytracker.com/id/1033536 http://www.ubuntu.com/usn/USN-2739-1 https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1492124 https://code.google.com/p/chromium&# • CWE-399: Resource Management Errors •