CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0678
https://notcve.org/view.php?id=CVE-2016-0678
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core. Vulnerabilidad no especificada en el componente Oracle VM VirtualBox en Oracle Virtualization VirtualBox en versiones anteriores a 5.0.18 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con Core. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00130.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00002.html http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.securitytracker.com/id/1035607 •
CVSS: 5.9EPSS: 1%CPEs: 38EXPL: 0CVE-2015-3197 – OpenSSL: SSLv2 doesn't block disabled ciphers
https://notcve.org/view.php?id=CVE-2015-3197
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. ssl/s2_srvr.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1r y 1.0.2 en versiones anteriores a 1.0.2f no impide el uso de cifrados deshabilitados, lo que hace que sea más fácil para atacantes man-in-the-middle vencer los mecanismos de protección criptográfica llevando a cabo cálculos sobre tráfico SSLv2, relacionado con las funciones get_client_master_key y get_client_hello. A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0592
https://notcve.org/view.php?id=CVE-2016-0592
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core. Vulnerabilidad no especificada en el componente Oracle VM VirtualBox en Oracle Virtualization VirtualBox en versiones anteriores a 4.3.36 y en versiones anteriores a 5.0.14 permite a usuarios locales afectar a la disponibilidad a través de vectores desconocidos relacionados con Core. • http://www.debian.org/security/2016/dsa-3454 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securityfocus.com/bid/81224 http://www.securitytracker.com/id/1034731 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0495
https://notcve.org/view.php?id=CVE-2016-0495
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core. Vulnerabilidad no especificada en el componente Oracle VM VirtualBox en Oracle Virtualization VirtualBox en versiones anteriores a 4.3.36 y 5.0.14 permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos relacionados con Core. • http://www.debian.org/security/2016/dsa-3454 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securityfocus.com/bid/81214 http://www.securitytracker.com/id/1034731 •
CVSS: 6.2EPSS: 1%CPEs: 1EXPL: 0CVE-2016-0602
https://notcve.org/view.php?id=CVE-2016-0602
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory." Vulnerabilidad no especificada en el componente Oracle VM VirtualBox en Oracle Virtualization VirtualBox en versiones anteriores a 5.0.14 permite a usuarios locales afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Windows Installer. NOTA: la información anterior es de la CPU de Enero de 2016. • http://seclists.org/fulldisclosure/2016/Feb/54 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securityfocus.com/archive/1/537462/100/0/threaded http://www.securitytracker.com/id/1034731 •