CVSS: 9.0EPSS: 1%CPEs: 19EXPL: 0CVE-2015-3144 – Gentoo Linux Security Advisory 201509-02
https://notcve.org/view.php?id=CVE-2015-3144
22 Apr 2015 — The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." La función fix_hostname en cURL y libcurl 7.37.0 hasta 7.41.0 no calcula correctamente un indice, lo que permite a atacantes remotos causar una denegación de servicio (lectura o escritura fuera... • http://curl.haxx.se/docs/adv_20150422D.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 56EXPL: 0CVE-2013-4316
https://notcve.org/view.php?id=CVE-2013-4316
30 Sep 2013 — Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. Apache Struts 2.0.0 hasta la versión 2.3.15.1 habilita por defecto Dynamic Method Invocation, lo cual tiene un impacto y vectores de ataque desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html • CWE-16: Configuration CWE-284: Improper Access Control •