CVSS: 7.8EPSS: 10%CPEs: 152EXPL: 0CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
14 Aug 2018 — The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versio... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.6EPSS: 0%CPEs: 665EXPL: 6CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
21 May 2018 — Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas l... • https://www.exploit-db.com/exploits/44695 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 4.3EPSS: 96%CPEs: 42EXPL: 1CVE-2015-4000 – LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
https://notcve.org/view.php?id=CVE-2015-4000
21 May 2015 — The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT está habilitada en un servidor pero no en un cliente, no t... • https://github.com/fatlan/HAProxy-Keepalived-Sec-HighLoads • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2814
https://notcve.org/view.php?id=CVE-2014-2814
08 Jul 2014 — Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP messages, aka "Service Bus Denial of Service Vulnerability." Microsoft Service Bus 1.1 en Microsoft Windows Server 2008 R2 SP1 y Server 2012 Gold y R2 permite a usuarios remotos autenticados causar una denegación de servicio (interrupción de mensajes AMQP) a través de mensajes AMQP manipulados, también conocido c... • http://secunia.com/advisories/59780 •
CVSS: 7.5EPSS: 36%CPEs: 14EXPL: 0CVE-2013-3868
https://notcve.org/view.php?id=CVE-2013-3868
11 Sep 2013 — Microsoft Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 and Active Directory Services on Windows Server 2008 SP2 and R2 SP1 and Server 2012 allow remote attackers to cause a denial of service (LDAP directory-service outage) via a crafted LDAP query, aka "Remote Anonymous DoS Vulnerability." Microsoft Active Directory Lightweight Directory Service (AD LDS) en Windows Vista SP2, Windows Server 2008 SP2, Windows Se... • http://www.us-cert.gov/ncas/alerts/TA13-253A • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2012-2532
https://notcve.org/view.php?id=CVE-2012-2532
14 Nov 2012 — Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability." Microsoft FTP Service v7.0 y v7.5 para Internet Information Services (IIS) procesa comandos no especificados antes de que TLS esté habilitado para una sesión, lo que permite a atacantes remotos obtener información sensible ... • http://www.securityfocus.com/bid/56440 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 119EXPL: 0CVE-2009-4777
https://notcve.org/view.php?id=CVE-2009-4777
21 Apr 2010 — Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file." Vulnerabilidad no especificada en múltiples versiones de Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, y JP1/Cm2/SNMP System Observer, permite a atacantes remo... • http://osvdb.org/57832 •
CVSS: 10.0EPSS: 0%CPEs: 125EXPL: 0CVE-2007-3794
https://notcve.org/view.php?id=CVE-2007-3794
15 Jul 2007 — Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application. Desbordamiento de búfer en Hitachi Cosminexus V4 hasta V7, Processing Kit para XML versiones anteriores a 20070511, Developer's Kit para Java versiones anteriores a 20070312, y productos de terc... • http://osvdb.org/37851 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1CVE-2006-1315 – Microsoft Windows - Mailslot Ring0 Memory Corruption (MS06-035)
https://notcve.org/view.php?id=CVE-2006-1315
11 Jul 2006 — The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability." The Server Service (SRV.SYS driver) en Microsoft Windows 2000 SP4, XP SP1 y SP2, Server de 2003 a SP1 y otros productos, permite a atacantes remotos obtener información sensible a través ... • https://www.exploit-db.com/exploits/2057 •
CVSS: 6.2EPSS: 32%CPEs: 67EXPL: 1CVE-2004-1305 – Microsoft Windows Kernel - '.ANI' File Parsing Crash
https://notcve.org/view.php?id=CVE-2004-1305
23 Dec 2004 — The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. • https://www.exploit-db.com/exploits/721 •