Page 96 of 744 results (0.015 seconds)

CVSS: 6.8EPSS: 3%CPEs: 9EXPL: 0

CVE-2015-1270 – ICU: Uninitialized memory read fixed in Chrome 44.0.2403.89

https://notcve.org/view.php?id=CVE-2015-1270

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file. Vulnerabilidad en la función ucnv_io_getConverterName en common/ucnv_io.cpp en International Components for Unicode (ICU), usadas en Google Chrome en versiones anteriores a la 44.0.2403.89, no maneja correctamente los nombres convertidos con la subcadena inicial -x, lo cual permite a atacantes remotos causar una denegación de servicio mediante, la lectura de la memoria no inicializada o posiblemente teniendo otro impacto no especificado a través de un archivo manipulado. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-1499.html http://www.debian.org/security/2015/dsa-3315 http://www.debian.org/security/2015/dsa-3360 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/75973 http://www.securitytracker.com/id/1033031 http://www.ubuntu.com/usn/USN-274 • CWE-19: Data Processing Errors •

CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0

CVE-2015-0253 – httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path

https://notcve.org/view.php?id=CVE-2015-0253

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. La función read_request_line en server/protocol.c del Servidor HTTP Apache en su versión 2.4.12 no inicializa el protocolo de estructura de miembro, lo que permite a atacantes remotos causar una denegación de servicio mediante la referencia a un puntero NULO y la caída procesos a través del envío de una solicitud que carece de un método para una instalación que habilita el filtro INCLUDE y tiene una directiva ErrorDocument 400 especificando un URI local. A NULL pointer dereference flaw was found in the way httpd generated certain error responses. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error. • http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-1666.html http://www.apache.org/dist/httpd/CHANGES_2.4 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75964 • CWE-476: NULL Pointer Dereference •

CVSS: 1.9EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-2662

https://notcve.org/view.php?id=CVE-2015-2662

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.2, permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con el servidor DHCP. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75886 http://www.securitytracker.com/id/1032914 •

CVSS: 4.0EPSS: 0%CPEs: 33EXPL: 0

CVE-2015-2643 – mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)

https://notcve.org/view.php?id=CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Optimizer. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3308 http://www.debian.org/security/2015/dsa-3311 http:// •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-2631

https://notcve.org/view.php?id=CVE-2015-2631

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat. Vulnerabilidad no especificada en Oracle Sun Solaris 10 y 11.2, permite a usuarios locales afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con rmformat. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75855 http://www.securitytracker.com/id/1032914 •