CVSS: 9.8EPSS: 3%CPEs: 14EXPL: 0CVE-2014-0458 – OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
https://notcve.org/view.php?id=CVE-2014-0458
16 Apr 2014 — Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423. Vulnerabilidad no especificada en Oracle Java SE 6u71, 7u51, y 8, y Java SE Embedded 7u51, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JAX-WS, una vulnerabilidad diferen... • http://marc.info/?l=bugtraq&m=140852886808946&w=2 •
CVSS: 9.8EPSS: 3%CPEs: 12EXPL: 0CVE-2014-0459 – lcms: insufficient ICC profile version validation (OpenJDK 2D, 8031335)
https://notcve.org/view.php?id=CVE-2014-0459
16 Apr 2014 — Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 7u51 y 8, y Java SE Embedded 7u51, permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos relacionados con 2D. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw w... • http://marc.info/?l=bugtraq&m=140852886808946&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 19EXPL: 0CVE-2014-0460 – OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)
https://notcve.org/view.php?id=CVE-2014-0460
16 Apr 2014 — Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8; JRockit R27.8.1 y R28.3.1; y Java SE Embedded 7u51 permite a atacantes remotos afectar a la confidencialidad e integridad mediante vectores relacionados con JNDI. The java-1.7.0-openjdk packages provide the OpenJDK 7 Ja... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 •
CVSS: 9.8EPSS: 10%CPEs: 17EXPL: 0CVE-2014-0461 – OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)
https://notcve.org/view.php?id=CVE-2014-0461
16 Apr 2014 — Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Vulnerabilidad no especificada en Oracle Java SE 6u71, 7u51, y 8, y Java SE Embedded 7u51, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con las librerías. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Envir... • http://marc.info/?l=bugtraq&m=140852886808946&w=2 •
CVSS: 10.0EPSS: 10%CPEs: 22EXPL: 0CVE-2014-0429 – OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)
https://notcve.org/view.php?id=CVE-2014-0429
15 Apr 2014 — Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8; JRockit R27.8.1 y R28.3.1; y Java SE Embedded 7u51 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D. The jav... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 •
CVSS: 9.8EPSS: 4%CPEs: 16EXPL: 0CVE-2014-0446 – OpenJDK: Protect logger handlers (Libraries, 8029740)
https://notcve.org/view.php?id=CVE-2014-0446
15 Apr 2014 — Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8, y Java SE Embedded 7u51, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con las librerías. The java-1.7.0-openjdk packages provide the... • http://marc.info/?l=bugtraq&m=140852886808946&w=2 •
CVSS: 7.5EPSS: 94%CPEs: 54EXPL: 84CVE-2014-0160 – OpenSSL Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0160
07 Apr 2014 — The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Las implementaciones de (1) TLS y (2) DTLS en OpenSSL 1.0.1 en versiones anteriores a 1.0.1g no manejan adecuadamente paquetes Heartbeat Extension, lo qu... • https://packetstorm.news/files/id/180746 • CWE-125: Out-of-bounds Read CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.2EPSS: 2%CPEs: 6EXPL: 2CVE-2013-7345 – file: extensive backtracking in awk rule regular expression
https://notcve.org/view.php?id=CVE-2013-7345
23 Mar 2014 — The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. La expresión regular BEGIN en el detector de script de awk en el archivo magic/Magdir/commands anterior a 5.15 utiliza múltiples comodines con ... • http://bugs.gw.com/view.php?id=164 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 9.8EPSS: 92%CPEs: 9EXPL: 3CVE-2014-2323 – HP Security Bulletin HPSBGN03191 1
https://notcve.org/view.php?id=CVE-2014-2323
13 Mar 2014 — SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. Vulnerabilidad de inyección SQL en mod_mysql_vhost.c en lighttpd anterior a 1.4.35 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del nombre de host, relacionado con request_check_hostname. A potential security vulnerabilities have been identified with HP Remote Device Access: Virtual Customer Access... • https://github.com/cirocosta/lighty-sqlinj-demo • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 78%CPEs: 11EXPL: 3CVE-2014-2324 – HP Security Bulletin HPSBGN03191 1
https://notcve.org/view.php?id=CVE-2014-2324
13 Mar 2014 — Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. Múltiples vulnerabilidades de salto de directorio en (1) mod_evhost y (2) mod_simple_vhost en lighttpd anterior a 1.4.35 permiten a atacantes remotos leer archivos arbitrarios a través de un .. (punto punto) en el nombre de host, relacionado con request_check_hostname. A potenti... • https://github.com/sp4c30x1/uc_httpd_exploit • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •