CVE-2015-2808 – SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
https://notcve.org/view.php?id=CVE-2015-2808
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. El algoritmo RC4, utilizado en el protocolo TLS y el protocolo SSL, no combina correctamente los datos de estados con los datos de claves durante la fase de inicialización, lo que facilita a atacantes remotos realizar ataques de recuperación de texto claro contra los bytes iniciales de un flujo mediante la captura de trafico de la red que ocasionalmente depende de claves afectadas por la debilidad de la invariabilidad (Invariance Weakness), y posteriormente utilizar un acercamiento de fuerza bruta que involucra valores LSB, también conocido como el problema de 'Bar Mitzvah'. • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2013-4458 – glibc: Stack (frame) overflow in getaddrinfo() when called with AF_INET6
https://notcve.org/view.php?id=CVE-2013-4458
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. Desbordamiento de búfer basado en pila en la función getaddrinfo en sysdeps/posix/getaddrinfo.c de GNU C Library (también conocido como glibc o libc6) 2.18 y anteriores versiones permite a atacantes remotos provocar una denegación de servicio (caída) a través de (1) un nombre de host o (2) dirección IP que desencadena un gran número de resultados de dirección AF_INET6. NOTA: esta vulnerabilidad existe por un parche incompleto para CVE-2013-1914. It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 https://security.gentoo.org/glsa/201503-04 https://sourceware.org/bugzilla/show_bug.cgi?id=16072 https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html https://access.redhat.com/security/cve/CVE-2013-4458 https://bugzilla.redhat.com/show_bug.cgi?id=1022280 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2009-3953 – Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-3953
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994. La implementación U3D en Adobe Reader y Acrobat v9.x anterior a v9.3, y v8.x anterior a v8.2 sobre Windows y Mac OS X, podría permitir a atacantes ejecutar código de su elección a través de vectores no especificados, relacionados con una "cuestión de limitación en el array". Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution. • https://www.exploit-db.com/exploits/16622 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://osvdb.org/61690 http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http://www.adobe.com/support/security/bulletins/apsb10-02.html http://www.metasploit.com/modules/exploit/windows/fileformat/adobe_u3d_meshdecl http://www.redhat.com/support/errata/RHSA-2010-0060.html http://www.securityfocus.com/bid/37758 http://www.securitytracker.com/i • CWE-787: Out-of-bounds Write •
CVE-2009-4324 – Adobe Acrobat and Reader Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2009-4324
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009. La vulnerabilidad de uso de la memoria previamente liberada (Use-after-free) en la función Doc.media.newPlayer en el archivo Multimedia.api en Adobe Reader y Acrobat versión 9.x anterior a 9.3, y versión 8.x anterior a 8.2 en Windows y Mac OS X, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo PDF creado utilizando una transmisión comprimida ZLib, tal como se explotó “in the wild” en diciembre de 2009. Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file. • https://www.exploit-db.com/exploits/16503 https://www.exploit-db.com/exploits/16623 https://www.exploit-db.com/exploits/10618 http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://osvdb.org/60980 http://secunia.com/advisories/37690 http://secunia.com/advisories/38138 http://secunia.com/advisories/38215 http: • CWE-416: Use After Free •
CVE-2009-2472 – Mozilla multiple cross origin wrapper bypasses
https://notcve.org/view.php?id=CVE-2009-2472
Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." Mozilla Firefox anteriores a v3.0.12 no usa siempre XPCCrossOriginWrapper cuando es requerido durante la construcción del objeto, lo que permite a atacantes remotos eludir la "Same Origin Policy" y realizar ataques de secuencias de comandos en sitios cruzados (XSS) mediante un documento manipulado, relacionado con una "cross origin wrapper bypass." • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-1162.html http://secunia.com/advisories/35914 http://secunia.com/advisories/35944 http://secunia.com/advisories/36005 http://secunia.com/advisories/36145 http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1 http: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •