CVSS: 5.0EPSS: 2%CPEs: 10EXPL: 0CVE-2014-1498
https://notcve.org/view.php?id=CVE-2014-1498
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm. El método crypto.generateCRMFRequest en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 no valida debidamente cierto tipo de clave, lo que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de vectores que provocan la generación de una clave que soporta el algoritmo Elliptic Curve ec-dual-use. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-18.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=935618 https://s • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 2.6EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1504
https://notcve.org/view.php?id=CVE-2014-1504
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. La funcionalidad session-restore en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 no considera Content Security Policy de un dato: URL, lo que facilita a atacantes remotos realizar ataques de XSS a través de un documento manipulado que es accedido después de un reinicio de navegador. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-23.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=911547 https://s • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 16EXPL: 0CVE-2011-4093
https://notcve.org/view.php?id=CVE-2011-4093
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided. Desbordamiento de enteros en inc/server.hpp en libnet6 (también conocido como net6) anterior a 1.3.14 podría permitir a atacantes remotos secuestrar conexiones y ganar privilegios como otros usuarios mediante la realización de un gran número de conexiones hasta que el desbordamiento ocurre y la identidad de otro usuario es proporcionado. • http://git.0x539.de/?p=net6.git%3Ba=commitdiff%3Bh=ac61d7fb42a1f977fb527e024bede319c4a9e169%3Bhp=08c8e2261604c6fcbbaf62f9ae9d13f7015fcb9a http://lists.opensuse.org/opensuse-updates/2012-01/msg00044.html http://lists.opensuse.org/opensuse-updates/2012-01/msg00054.html http://www.openwall.com/lists/oss-security/2011/10/31/1 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://bugzilla.novell.com/show_bug.cgi?id=727710 https://bugzilla.redhat.com/show_bug.cgi?id=750631 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0CVE-2011-4091
https://notcve.org/view.php?id=CVE-2011-4091
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences. El servidor de libobby en inc/server.hpp en libnet6 (también conocido como net6) anterior a 1.3.14 no realiza autenticación antes de comprobar el nombre de usuario, lo que permite a atacantes remotos obtener información sensible tal como patrones de uso del servidor de un usuario especifico y preferencias de color. • http://git.0x539.de/?p=net6.git%3Ba=commitdiff%3Bh=84afca022f063f89bfcd4bb32b1ee911f555abf1%3Bhp=ac61d7fb42a1f977fb527e024bede319c4a9e169 http://lists.opensuse.org/opensuse-updates/2012-01/msg00044.html http://lists.opensuse.org/opensuse-updates/2012-01/msg00054.html http://www.openwall.com/lists/oss-security/2011/10/31/1 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://bugzilla.novell.com/show_bug.cgi?id=727708 https://bugzilla.redhat.com/show_bug.cgi?id=750632 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 223EXPL: 0CVE-2014-1484
https://notcve.org/view.php?id=CVE-2014-1484
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. Mozilla Firefox anterior a 27.0 en Android 4.2 y anteriores crea entradas en el registro del sistema que contienen rutas de perfil, lo que permite a atacantes remotos obtener información sensible a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://osvdb.org/102870 http://www.mozilla.org/security/announce/2014/mfsa2014-06.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/65323 http://www.securitytracker.com/id/1029719 https://bugzilla.mozilla.org/show • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •