CVSS: 9.3EPSS: 5%CPEs: 2EXPL: 1CVE-2015-4523 – Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape
https://notcve.org/view.php?id=CVE-2015-4523
11 Sep 2017 — Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis. Blue Coat Malware Analysis Appliance (MAA) en versiones anteriores a la 4.2.5 y Malware Analyzer G2 permiten a los atacantes remotos omitir un mecanismo de protección d... • https://www.exploit-db.com/exploits/34334 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0937
https://notcve.org/view.php?id=CVE-2015-0937
17 Apr 2015 — Cross-site scripting (XSS) vulnerability in search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en search.php en el dispositivo Blue Coat Malware Analysis con software anterior a 4.2.4.20150312-RELEASE permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.kb.cert.org/vuls/id/274244 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0938
https://notcve.org/view.php?id=CVE-2015-0938
17 Apr 2015 — search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter. search.php en el dispositivo Blue Coat Malware Analysis con software anterior a 4.2.4.20150312-RELEASE permite a atacantes remotos evadir las restricciones de acceso, y listar o leer documentos arbitrarios, mediante la provisión de palabra... • http://www.kb.cert.org/vuls/id/274244 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •