CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-2471
https://notcve.org/view.php?id=CVE-2015-2471
Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434. Vulnerabilidad en Microsoft XML Core Services 3.0, 5.0 y 6.0 admite SSL 2.0, lo que facilita a atacantes remotos romper los mecanismos de protección de cifrado husmeando la red y llevando a cabo un ataque de descifrado, también conocida como 'MSXML Information Disclosure Vulnerability', una vulnerabilidad diferente a CVE-2015-2434. • http://www.securitytracker.com/id/1033241 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-084 • CWE-310: Cryptographic Issues •
CVSS: 5.4EPSS: 66%CPEs: 3EXPL: 0CVE-2015-2440 – Microsoft MSXML generate-id Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-2440
Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability." Vulnerabilidad en Microsoft XML Core Services 3.0, 5.0 y 6.0, permite a atacantes remotos evadir el mecanismo de protección ASLR a través de una página web manipulada, también conocida como 'MSXML Information Disclosure Vulnerability.' This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the XSLT function generate-id. The unique ID string it returns can be used to infer the address at which an XML Node object is stored in memory. • http://www.securityfocus.com/bid/76232 http://www.securitytracker.com/id/1033241 http://www.zerodayinitiative.com/advisories/ZDI-15-381 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-084 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 66%CPEs: 1EXPL: 0CVE-2015-1646
https://notcve.org/view.php?id=CVE-2015-1646
Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability." Microsoft XML Core Services (también conocido como MSXML) 3.0 permite a atacantes remotos evadir Same Origin Policy y obtener información sensible a través de un DTD manipulado, también conocido como 'vulnerabilidad de SFB de Same Origin Policy de MSXML3.' • http://www.securitytracker.com/id/1032114 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-039 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 90%CPEs: 29EXPL: 0CVE-2015-0085 – Microsoft Word Format Tag Transposition Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0085
Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold y SP1, Office 2013 RT Gold y SP1, Word 2013 RT Gold y SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold y SP1, Word Automation Services on SharePoint Server 2013 Gold y SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold y SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold y SP1, y SharePoint Server 2013 Gold y SP1 permite a atacantes remotos ejecutar código arbitrario a través de un documento de Office manipulado, también conocido como 'vulnerabilidad del uso después de liberación de componentes de Microsoft Office.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the item1.xml file inside of the .docx package. By transposing elements, an attacker is able to cause a pointer to be re-used after it was freed. • http://www.securitytracker.com/id/1031896 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9152
https://notcve.org/view.php?id=CVE-2014-9152
The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack. La función _user_resource_create en el módulo Services 7.x-3.x anterior a 7.x-3.10 para Drupal utiliza una contraseña de 1 cuando crea cuentas nuevas para usuarios, lo que facilita a atacantes remotos adivinar la contraseña a través de un ataque de fuerza bruta. • http://cgit.drupalcode.org/services/commit/?id=809aafa https://www.drupal.org/node/2344389 https://www.drupal.org/node/2344423 • CWE-255: Credentials Management Errors •