CVSS: 7.5EPSS: 2%CPEs: 26EXPL: 0CVE-2015-0410 – OpenJDK: DER decoder infinite loop (Security, 8059485)
https://notcve.org/view.php?id=CVE-2015-0410
21 Jan 2015 — Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security. Vulnerabilidad no especificada en el componente Java SE, Java SE Embedded, JRockit en Oracle Java SE 5.0u75, 6u85, 7u72, y 8u25; Java SE Embedded 7u71 y 8u6; y JRockit R27.8.4 y R28.3.4 permite a atacantes remotos afectar la disponibil... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 31%CPEs: 3EXPL: 0CVE-2014-8137 – jasper: double-free in in jas_iccattrval_destroy() (oCERT-2014-012)
https://notcve.org/view.php?id=CVE-2014-8137
19 Dec 2014 — Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file. Doble vulnerabilidad de liberación en la función jas_iccattrval_destroy en JasPer 1.900.1 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) o la posibilidad de ejecutar código arbitrario a través del perfil de color ICC modificad... • http://advisories.mageia.org/MGASA-2014-0539.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 5%CPEs: 3EXPL: 0CVE-2014-8138 – jasper: heap overflow in jp2_decode() (oCERT-2014-012)
https://notcve.org/view.php?id=CVE-2014-8138
19 Dec 2014 — Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file. Desbordamiento de buffer basado en memoria dinámica en la función jp2_decode en JasPer 1.900.1 y anterior permite a atacantes remotos causar una denegación de servicio (caída) o la posibilidad de ejecutar código arbitrario a través de un archivo modificado JPEG 2000. A heap-based buffer overflow flaw ... • http://advisories.mageia.org/MGASA-2014-0539.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2004-2771 – mailx: command execution flaw
https://notcve.org/view.php?id=CVE-2004-2771
16 Dec 2014 — The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address. La función extendida en fio.c en Heirloom mailx 12.5 y anteriores y BSD mailx 8.1.2 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través metacaracteres de shell en una dirección de correo electrónico. A flaw was found in the way mailx handled the parsing of email addresses. A syntacticall... • http://linux.oracle.com/errata/ELSA-2014-1999.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 5%CPEs: 31EXPL: 1CVE-2014-8080 – ruby: REXML billion laughs attack via parameter entity expansion
https://notcve.org/view.php?id=CVE-2014-8080
03 Nov 2014 — The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. El analizador REXML en Ruby 1.9.x anterior a 1.9.3-p550, 2.0.x anterior a 2.0.0-p594, y 2.1.x anterior a 2.1.4 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un documento XML manipulado, también conocido como un ataque de ... • http://advisories.mageia.org/MGASA-2014-0443.html • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8333 – openstack-nova: Nova VMware instance in resize state may leak
https://notcve.org/view.php?id=CVE-2014-8333
31 Oct 2014 — The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. El controlador VMware en OpenStack Compute (Nova) anterior a 2014.1.4 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco) mediante la eliminación de un instancia en el estado resize. A flaw was found in the OpenStack Compute (nova) VMWare driver, which could allow an authenticated ... • http://lists.openstack.org/pipermail/openstack-announce/2014-October/000298.html • CWE-399: Resource Management Errors CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.0EPSS: 94%CPEs: 147EXPL: 6CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
15 Oct 2014 — The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocid... • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2014-3621 – openstack-keystone: configuration data information leak through Keystone catalog
https://notcve.org/view.php?id=CVE-2014-3621
02 Oct 2014 — The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field. El reemplazo de la URL catalog en OpenStack Identity (Keystone) anterior a versión 2013.2.3 y versiones 2014.1 anteriores a 2014.1.2.1, permite a los usuarios autenticados remotos leer opciones de configuración confidenciales por medio de ... • http://rhn.redhat.com/errata/RHSA-2014-1688.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 88%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 94%CPEs: 345EXPL: 137CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •