6 results (0.012 seconds)

CVSS: 9.3EPSS: 1%CPEs: 295EXPL: 0

Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794. Desbordamiento de búfer en Hitachi Cosminexus V4 a la V8, Processing Kit para XML, y Developer's Kit para Java, usado en productos como uCosminexus, Electronic Form Workflow, Groupmax, e IBM XL C/C++ Enterprise Edition 7 y 8, permite a atacantes remotos tener un impacto desconocido a través de vectores relacionados con el uso del procesamiento de imágenes GIF mediante APIs para aplicaciones Java. Cuestión distinta del CVE-2007-3794. • http://osvdb.org/57834 http://secunia.com/advisories/36622 http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/index.html http://www.securityfocus.com/bid/36309 http://www.vupen.com/english/advisories/2009/2574 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0

The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Developer's Kit for Java in various Hitachi Cosminexus 7.5 products before 07-50-01, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service via certain SSL/TLS handshake requests. NOTE: this may be the same as CVE-2007-3698. La extensión Java Secure Socket Extension (JSSE) en el Hitachi Cosminexus Developer's Kit para Java de varios productos Hitachi Cosminexus 7.5 anteriores a 07-50-01, cuando usan JSSE para el soporte SSL/TLS, permite a atacantes remotos provocar una denegación de servicio mediante determinadas peticiones de negociación SSL/TLS. NOTA: podría ser la misma que CVE-2007-3698. • http://secunia.com/advisories/27075 http://www.hitachi-support.com/security_e/vuls_e/HS07-031_e/index-e.html http://www.securityfocus.com/bid/25935 http://www.vupen.com/english/advisories/2007/3375 https://exchange.xforce.ibmcloud.com/vulnerabilities/36965 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 65EXPL: 0

The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably the same issue as CVE-2007-3503. La herramienta javadoc del Kit para Java: Cosminexus Developer's de Cosminexus 7 y 7.5 puede generar documentos HTML que contienen vulnerabilidades de secuencias de comandos en sitios cruzados (XSS), lo cual permite a atacantes remotos inyectar scripts web o HTML de su elección mediante vectores no especificados. NOTA: esto es probablemente idéntico a CVE-2007-3503. • http://secunia.com/advisories/26671 http://www.hitachi-support.com/security_e/vuls_e/HS07-027_e/index-e.html http://www.securityfocus.com/bid/25518 http://www.vupen.com/english/advisories/2007/3033 https://exchange.xforce.ibmcloud.com/vulnerabilities/36393 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 1%CPEs: 56EXPL: 0

Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors. Múltiples vulnerabilidades no especificadas en las APIs image-processing del Kit para Java: Cosminexus Developer's de Cosminexus 4 hasta 7 permiten a atacantes remotos provocar una denegación de servicio mediante vectores no especificados. • http://osvdb.org/37858 http://secunia.com/advisories/26538 http://www.hitachi-support.com/security_e/vuls_e/HS07-028_e/index-e.html http://www.vupen.com/english/advisories/2007/3034 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 4%CPEs: 56EXPL: 0

Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. Múltiples desbordamientos de búfer en las APIs image-processing del Kit para Java: Cosminexus Developer's de Cosminexus 4 hasta 7 permiten a atacantes remotos provocar una denegación de servicio ó ejecutar código de su elección mediante vectores no especificados. • http://osvdb.org/37857 http://secunia.com/advisories/26538 http://www.hitachi-support.com/security_e/vuls_e/HS07-028_e/index-e.html http://www.vupen.com/english/advisories/2007/3034 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •