CVE-2014-1542
https://notcve.org/view.php?id=CVE-2014-1542
Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.
• http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://secunia.com/advisories/59052 http://secunia.com/advisories/59171 http://secunia.com/advisories/59387 http://secunia.com/advisories/59486 http://secunia.com/advisories/59866 http://www.mozilla.org/security/announce/2014/mfsa2014-53.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/67968
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-0224 – openssl: SSL/TLS MITM vulnerability
https://notcve.org/view.php?id=CVE-2014-0224
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.
• https://github.com/secretnonempty/CVE-2014-0224 https://github.com/iph0n3/CVE-2014-0224 http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://ccsinjection.lepidum.co.jp http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html http://esupport.trendmicro.com/solution/en-US/1103813.aspx http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://kb.juniper.net/InfoCenter/
• CWE-326: Inadequate Encryption Strength
• CWE-841: Improper Enforcement of Behavioral Workflow
CVE-2014-3004 – Castor Library - XML External Entity Information Disclosure
https://notcve.org/view.php?id=CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
Castor Library version 1.3.3-RC1 suffers from a file disclosure vulnerability via XXE injection.
• https://www.exploit-db.com/exploits/39205 http://lists.opensuse.org/opensuse-updates/2014-06/msg00043.html http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html http://seclists.org/fulldisclosure/2014/May/142 http://secunia.com/advisories/59427 http://www.securityfocus.com/bid/67676 https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811 https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpuoct2021.html
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2012-1600
https://notcve.org/view.php?id=CVE-2012-1600
Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.
• http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html http://secunia.com/advisories/48574 http://sourceforge.net/p/phppgadmin/mailman/message/28783470 http://www.openwall.com/lists/oss-security/2012/03/28/11 http://www.openwall.com/lists/oss-security/2012/03/29/6 http://www.openwall.com/lists/oss-security/2012/03/30/7 http://www.osvdb.org/80870 http://www.postgresql.org/message-id/4F6B447C.6080204%40dalibo.com http://www.securityfocus.com/bid/52761 https
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-1528
https://notcve.org/view.php?id=CVE-2014-1528
The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.
• http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html http://secunia.com/advisories/59866 http://www.mozilla.org/security/announce/2014/mfsa2014-41.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1030163 http://www.securitytracker.com/id/1030164 http://www.ubuntu.com/usn&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer