CVSS: 10.0EPSS: 0%CPEs: 160EXPL: 0CVE-2015-2808 – SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
https://notcve.org/view.php?id=CVE-2015-2808
01 Apr 2015 — The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. El algoritmo RC4, utilizado en el protocolo TLS y el prot... • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 0CVE-2009-1721 – Gentoo Linux Security Advisory 201312-07
https://notcve.org/view.php?id=CVE-2009-1721
31 Jul 2009 — The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. La implementación de la descompresión en la función Imf::hufUncompress en OpenEXR v1.2.2 y v1.6.1 permite a los atacantes dependientes del contexto provocar una denegación de servicio (finalización de la aplicación) o posiblemente ejecut... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4636
https://notcve.org/view.php?id=CVE-2008-4636
27 Nov 2008 — yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. yast2-backup de 2.14.2 a 2.16.6 en SUSE Linux y Novell Linux permite a usuarios locales obtener privilegios a través de metacaracteres de consola en nombres de archivos usados por el proceso de copia de respaldo. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 75%CPEs: 22EXPL: 0CVE-2008-5021 – Mozilla Firefox Input Box Type Property Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2008-5021
12 Nov 2008 — nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. nsFrameManager en Firefox v3.x antes de la v3.0.4, Firefox v2.x antes de la v2.0.0.18, Thunderbird 2.x antes de la v2.0.0.18, y SeaMo... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 10%CPEs: 9EXPL: 0CVE-2008-2939 – httpd: mod_proxy_ftp globbing XSS
https://notcve.org/view.php?id=CVE-2008-2939
06 Aug 2008 — Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. Vulnerabilidad de XSS en proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.0.63 y en versiones anteriores y mod_proxy_ftp.c en el módulo mod_proxy_ftp en Apache 2.2.9... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2389
https://notcve.org/view.php?id=CVE-2008-2389
06 Jun 2008 — opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack. Actualizador de opensuse (opensuse-updater) en openSUSE 10.2 permite a ususarios locales acceder a archivos arbitrarios a través de ataque symlink. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2388
https://notcve.org/view.php?id=CVE-2008-2388
06 Jun 2008 — Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have unspecified impact and attack vectors. NOTE: the vendor states that these "can be considered no security problem." Múltiples errores de superación de límite (off-by-one) en el actualizador de opensuse (opensuse-updater) en openSUSE 10.2 tienen un impacto no especificado y vectores de ataque. NOTA: el fabricante afirma que estos errores "no pueden ser considerados un problema de seguridad". • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html • CWE-189: Numeric Errors •
CVSS: 7.0EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1375 – kernel: race condition in dnotify (local DoS, local roothole possible)
https://notcve.org/view.php?id=CVE-2008-1375
02 May 2008 — Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors. Una condición de carrera en el subsistema directory notification (dnotify) en el Kernel de Linux versiones 2.6.x anteriores a 2.6.24.6, y versiones 2.6.25 anteriores a 2.6.25.1, permite a usuarios locales causar una denegación de servicio (OOPS) y posiblemente alcanzar p... • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2008-1567
https://notcve.org/view.php?id=CVE-2008-1567
31 Mar 2008 — phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. phpMyAdmin versiones anteriores a 2.11.5.1, almacena la clave secreta MySQL de (1) nombre de usuario (2) contraseña, y (3) Blowfish, en texto sin cifrar en un archivo de Sesión bajo /tmp, que permite a los usuarios locales obtener información confidencial. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 5%CPEs: 19EXPL: 0CVE-2008-0063 – krb5: possible leak of sensitive data from krb5kdc using krb4 request
https://notcve.org/view.php?id=CVE-2008-0063
19 Mar 2008 — The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." El soporte Kerberos 4 en KDC en MIT Kerberos 5 (krb5kdc) no borra apropiadamente la parte no utilizada de un búfer cuando se genera un mensaje de error, lo que podría permitir a los atacantes remotos obtener información confidencial, también se conoce como "Unini... • http://docs.info.apple.com/article.html?artnum=307562 • CWE-908: Use of Uninitialized Resource •