CVSS: 10.0EPSS: 0%CPEs: 160EXPL: 0CVE-2015-2808 – SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
https://notcve.org/view.php?id=CVE-2015-2808
01 Apr 2015 — The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. El algoritmo RC4, utilizado en el protocolo TLS y el prot... • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 2CVE-2014-8121 – glibc: Unexpected closing of nss_files databases after lookups causes denial of service
https://notcve.org/view.php?id=CVE-2014-8121
05 Mar 2015 — DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. DB_LOOKUP en nss_files/files-XXX.c en Name Service Switch (NSS) en GNU C Library (también conocida como glibc o libc6) 2.21 y versiones anteriores no comprueba cor... • http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html • CWE-17: DEPRECATED: Code CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 10.0EPSS: 97%CPEs: 23EXPL: 5CVE-2015-0313 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2015-0313
02 Feb 2015 — Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 13.0.0.269 y 14.x hasta la versión 16.x en versio... • https://packetstorm.news/files/id/131189 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 97%CPEs: 20EXPL: 3CVE-2015-0311 – Adobe Flash Player Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0311
23 Jan 2015 — Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. Vulnerabilidad no especificada en Adobe Flash Player hasta 13.0.0.262 y 14.x, 15.x, y 16.x hasta 16.0.0.287 en Windows y OS X y hasta 11.2.202.438 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores de... • https://packetstorm.news/files/id/130788 •
CVSS: 10.0EPSS: 90%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 97%CPEs: 345EXPL: 134CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 2%CPEs: 67EXPL: 0CVE-2014-0553 – flash-plugin: multiple code execution or security bypass flaws (APSB14-21)
https://notcve.org/view.php?id=CVE-2014-0553
10 Sep 2014 — Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de uso después de liberación en Adobe Flash Player anterior a 13.0.0.244 y 14.x y 15.x anterior a 15.0.0.152... • http://helpx.adobe.com/security/products/flash-player/apsb14-21.html •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2014-2484
https://notcve.org/view.php?id=CVE-2014-2484
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.6.17 y anteriores permite a usuarios remoto autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con SRFTS. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2014-4214
https://notcve.org/view.php?id=CVE-2014-4214
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.6.17 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con SRSP. • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 0CVE-2014-4260 – mysql: unspecified vulnerability related to SRCHAR (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4260
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores y 5.6.17 y anteriores, permite a usuarios remotos autenticados afectar la integridad y disponibilidad a través de vectores relacionados con SRCHAR. Multiple security issues were discovered in MySQL... • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •