CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5528
https://notcve.org/view.php?id=CVE-2016-5528
27 Jan 2017 — Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassF... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2016-5519
https://notcve.org/view.php?id=CVE-2016-5519
25 Oct 2016 — Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces. Vulnerabilidad no especificada en el componente Oracle GlassFish Server en Oracle Fusion Middleware 2.1.1, 3.0.1 y 3.1.2 permite a usuarios remotos autenticados afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con ... • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3608
https://notcve.org/view.php?id=CVE-2016-3608
21 Jul 2016 — Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration. Vulnerabilidad no especificada en el componente Oracle GlassFish Server en Oracle Fusion Middleware 3.0.1 permite a atacantes remotos afectar la confidencialidad, a través de vectores relacionados con Administration. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5477
https://notcve.org/view.php?id=CVE-2016-5477
21 Jul 2016 — Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration. Vulnerabilidad no especificada en el componente Oracle GlassFish Server en Oracle Fusion Middleware 2.1.1 y 3.0.1 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Administration. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 0CVE-2016-3607 – Oracle Glassfish PartItem Arbitrary File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3607
21 Jul 2016 — Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container. Vulnerabilidad no especificada en el componente Oracle GlassFish Server en Oracle Fusion Middleware 3.0.1 y 3.1.2 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con Web Container. This vulnerability allows ... • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •
CVSS: 8.8EPSS: 3%CPEs: 33EXPL: 0CVE-2016-1950 – nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)
https://notcve.org/view.php?id=CVE-2016-1950
09 Mar 2016 — Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. El desbordamiento de buffer basado en memoria dinámica en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.3 y 3.20.x y 3.21.x en versiones anteriores a 3.21.1, tal y como se utiliza en Mozilla ... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 23%CPEs: 17EXPL: 0CVE-2015-7182 – nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)
https://notcve.org/view.php?id=CVE-2015-7182
04 Nov 2015 — Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. Desbordamiento de buffer basado en memoria dinámica en el decodificador ASN.1 en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 ... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.1EPSS: 3%CPEs: 14EXPL: 0CVE-2015-3237 – Gentoo Linux Security Advisory 201509-02
https://notcve.org/view.php?id=CVE-2015-3237
22 Jun 2015 — The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. La función smb_request_state en cURL y libcurl 7.40.0 hasta 7.42.1 permite a servidores SMB remotos obtener información sensible de la memoria o causar una denegación de servicio (lectura fuera de rango y caída) a través de valores de longitud y desplazamiento manipulado... • http://curl.haxx.se/docs/adv_20150617B.html • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1508
https://notcve.org/view.php?id=CVE-2013-1508
17 Apr 2013 — Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to REST Interface. Vulnerabilidad no especificada en el componente Oracle GlassFish Server em Oracle Sun Middleware Products 3.0.1 y 3.1.2, permite a atacantes remotos comprometer la integridad a través de vectores relacionados con REST Interface. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2013-1620 – nss: TLS CBC padding timing attack
https://notcve.org/view.php?id=CVE-2013-1620
08 Feb 2013 — The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación en Mozilla Network Security Services (NSS) de TLS no tiene debidamente en cuenta tiempos de canal... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-203: Observable Discrepancy •