CVSS: 5.3EPSS: 2%CPEs: 56EXPL: 1CVE-2015-3195 – OpenSSL: X509_ATTRIBUTE memory leak
https://notcve.org/view.php?id=CVE-2015-3195
03 Dec 2015 — The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.... • https://github.com/Trinadh465/OpenSSL-1_0_1g_CVE-2015-3195 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4869
https://notcve.org/view.php?id=CVE-2015-4869
21 Oct 2015 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.2 permite a usuarios locales afectar a la disponibilidad a través de vectores desconocidos relacionados con el Kernel. • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2642
https://notcve.org/view.php?id=CVE-2015-2642
21 Oct 2015 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.2 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Gzip. • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html •
CVSS: 7.5EPSS: 11%CPEs: 7EXPL: 0CVE-2015-7236 – rpcbind: Use-after-free vulnerability in PMAP_CALLIT
https://notcve.org/view.php?id=CVE-2015-7236
24 Sep 2015 — Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. Vulnerabilidad de uso después de liberación de memoria en xprt_set_caller en rpcb_svc_com.c en rpcbind 0.2.1 y versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de paquetes manipulados, implicando un código PMAP_CALLIT. A use-after-f... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171030.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 7%CPEs: 17EXPL: 0CVE-2015-4491 – Mozilla: Heap overflow in gdk-pixbuf when scaling bitmap images (MFSA 2015-88)
https://notcve.org/view.php?id=CVE-2015-4491
11 Aug 2015 — Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. Vulnerabilidad de desbordamiento de entero en la función make_filter_table en pixops/pixops... • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165701.html • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 7.3EPSS: 0%CPEs: 27EXPL: 0CVE-2015-1283 – chromium-browser: Heap-buffer-overflow in expat.
https://notcve.org/view.php?id=CVE-2015-1283
23 Jul 2015 — Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. Múltiples vulnerabilidades de desbordamiento de entero en la función XML_GetBuffer en Expat hasta la versión 2.1.0 implementada en Chrome en versiones anteriores a la 44.0.2403.89 y otros... • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2580
https://notcve.org/view.php?id=CVE-2015-2580
16 Jul 2015 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.2, permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con NFSv4. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2589
https://notcve.org/view.php?id=CVE-2015-2589
16 Jul 2015 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.2, permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con S10 Branded Zone. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2631
https://notcve.org/view.php?id=CVE-2015-2631
16 Jul 2015 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.2, permite a usuarios locales afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con rmformat. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2662
https://notcve.org/view.php?id=CVE-2015-2662
16 Jul 2015 — Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.2, permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con el servidor DHCP. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •