Page 12 of 74 results (0.016 seconds)

CVSS: 5.0EPSS: 0%CPEs: 64EXPL: 0

CVE-2015-4902 – Oracle Java SE Integrity Check Vulnerability

https://notcve.org/view.php?id=CVE-2015-4902

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con Deployment. Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-12 •

CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 0

CVE-2015-1931 – JDK: plain text data stored in memory dumps

https://notcve.org/view.php?id=CVE-2015-1931

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. IBM Java Security Components en IBM SDK, Java Technology Edition 8 versiones anteriores a SR1 FP10, 7 R1 anteriores a SR3 FP10, 7 anteriores a SR9 FP10, 6 R1 anteriores a SR8 FP7, 6 anteriores a SR16 FP7, y 5.0 anteriores a SR16 FP13, almacena información de texto plano en volcados de memoria, lo que permite a usuarios locales obtener información confidencial al leer un archivo • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2015-1485.html http://rhn.redhat.com/errata/RHSA-2015-1486.html http://rhn.redhat.com/errata/RHSA-2015-1488.html http://rhn.redhat.com/errata/RHSA-2015-1544.html http://rhn.redhat.com/errata/RHSA-2015-1604.html http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182 http://www-01.ibm&# • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 5.0EPSS: 0%CPEs: 160EXPL: 0

CVE-2015-2808 – SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher

https://notcve.org/view.php?id=CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. El algoritmo RC4, utilizado en el protocolo TLS y el protocolo SSL, no combina correctamente los datos de estados con los datos de claves durante la fase de inicialización, lo que facilita a atacantes remotos realizar ataques de recuperación de texto claro contra los bytes iniciales de un flujo mediante la captura de trafico de la red que ocasionalmente depende de claves afectadas por la debilidad de la invariabilidad (Invariance Weakness), y posteriormente utilizar un acercamiento de fuerza bruta que involucra valores LSB, también conocido como el problema de 'Bar Mitzvah'. • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2014-7812 – Spacewalk: XSS in system-group

https://notcve.org/view.php?id=CVE-2014-7812

Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field. Vulnerabilidad de XSS en Spacewalk y Red Hat Network (RHN) Satellite anterior a 5.7.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del campo System Groups • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html http://rhn.redhat.com/errata/RHSA-2015-0033.html http://secunia.com/advisories/62183 https://access.redhat.com/security/cve/CVE-2014-7812 https://bugzilla.redhat.com/show_bug.cgi?id=1172934 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2014-3654 – Satellite: Spacewalk contains multiple XSS (stored and reflected)

https://notcve.org/view.php?id=CVE-2014-3654

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do. Múltiples vulnerabilidades de XSS en spacewalk-java 2.0.2 en Spacewalk and Red Hat Network (RHN) Satellite 5.5 y 5.6 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados en (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, o (3) admin/multiorg/OrgUsers.do. Stored and reflected cross-site scripting (XSS) flaws were found in the way spacewalk-java displayed certain information. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data. • http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00010.html http://rhn.redhat.com/errata/RHSA-2014-1762.html http://secunia.com/advisories/60976 http://secunia.com/advisories/62027 https://access.redhat.com/security/cve/CVE-2014-3654 https://bugzilla.redhat.com/show_bug.cgi?id=1144628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •