CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2015-8027 – Gentoo Linux Security Advisory 201612-43
https://notcve.org/view.php?id=CVE-2015-8027
02 Jan 2016 — Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request. Node.js 0.12.x en versiones anteriores a 0.12.9, 4.x en versiones anteriores a 4.2.3 y 5.x en versiones anteriores a 5.1.1 no asegura la disponibilidad de un analizador para cada socket HTTP, lo que permite a atacantes remotos provocar una denegaci... • http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 20%CPEs: 12EXPL: 0CVE-2015-3193 – OpenSSL Security Advisory 20171102
https://notcve.org/view.php?id=CVE-2015-3193
03 Dec 2015 — The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. La implementación de exponenciación al cuadrado de Montgomery en crypto/bn/asm/x86_64-mont5.pl e... • http://fortiguard.com/advisory/openssl-advisory-december-2015 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 13%CPEs: 6EXPL: 0CVE-2015-6764 – v8: unspecified out-of-bounds access vulnerability
https://notcve.org/view.php?id=CVE-2015-6764
03 Dec 2015 — The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code. La función BasicJsonStringifier::SerializeJSArray en json-stringifier.h en el stringifier JSON en Google V8, como se utiliza en Google Chrome en versiones anteri... • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 56%CPEs: 32EXPL: 1CVE-2015-3194 – OpenSSL: Certificate verify crash with missing PSS parameter
https://notcve.org/view.php?id=CVE-2015-3194
03 Dec 2015 — crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. crypto/rsa/rsa_ameth.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de una firma RS... • https://github.com/Trinadh465/OpenSSL-1_0_1g_CVE-2015-3194 • CWE-476: NULL Pointer Dereference •