CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 0CVE-2015-0412 – OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
https://notcve.org/view.php?id=CVE-2015-0412
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. Vulnerabilidad no especificada en Oracle Java SE 6u85, 7u72, y 8u25 permite a usuarios remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores relacionados con JAX-WS. An improper permission check issue was discovered in the JAX-WS component in OpenJDK. An untrusted Java application or applet could use th... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •
CVSS: 5.0EPSS: 94%CPEs: 147EXPL: 6CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
15 Oct 2014 — The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocid... • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 10.0EPSS: 1%CPEs: 67EXPL: 0CVE-2014-0553 – flash-plugin: multiple code execution or security bypass flaws (APSB14-21)
https://notcve.org/view.php?id=CVE-2014-0553
10 Sep 2014 — Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de uso después de liberación en Adobe Flash Player anterior a 13.0.0.244 y 14.x y 15.x anterior a 15.0.0.152... • http://helpx.adobe.com/security/products/flash-player/apsb14-21.html •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2014-4258 – mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
https://notcve.org/view.php?id=CVE-2014-4258
17 Jul 2014 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.5.37 y anteriores y 5.6.17 y anteriores permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con SRINFOSC. Multiple sec... • http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html •
CVSS: 7.5EPSS: 3%CPEs: 7EXPL: 1CVE-2013-1864
https://notcve.org/view.php?id=CVE-2013-1864
23 May 2014 — The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack." Portable Tool Library (también conocido como PTLib) anterior a 2.10.10, utilizado en Ekiga anterior a 4.0.1, no detecta debidamente recursión durante expansión de en... • http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 1CVE-2014-1505 – Mozilla: SVG filters information disclosure through feDisplacementMap (MFSA 2014-28)
https://notcve.org/view.php?id=CVE-2014-1505
18 Mar 2014 — The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693. La implementación del filtro SVG en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbir... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 6%CPEs: 41EXPL: 0CVE-2013-3567 – puppet: remote code execution on master from unauthenticated clients
https://notcve.org/view.php?id=CVE-2013-3567
19 Jun 2013 — Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. Puppet 2.7.x anterior a 2.7.22 y 3.2.x anterior a 3.2.2, y Puppet Enterprise anterior a 2.8.2, deserializa YAML sin confianza, lo que permite a atacantes remotos la instanciación de clases de Ruby y ejecutar código arbitrario a través de una llamada RESTAPI manipulada. Pu... • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 2%CPEs: 355EXPL: 0CVE-2013-1379 – flash-plugin: multiple code execution flaws (APSB13-11)
https://notcve.org/view.php?id=CVE-2013-1379
10 Apr 2013 — Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player anterior a v10.3.18... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 4%CPEs: 32EXPL: 8CVE-2009-3547 – Linux Kernel 2.4.1 < 2.4.37 / 2.6.1 < 2.6.32-rc5 - 'pipe.c' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-3547
04 Nov 2009 — Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. Múltiples condiciones de carrera en fs/pipe.c en el kernel de Linux anteriores a v2.6.32-rc6 permite a usuarios locales producir una denegación de servicio )desreferencia a puntero NULL y caída del sistema) o conseguir privilegios mediante la apertura de un ... • https://packetstorm.news/files/id/139879 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2008-4636
https://notcve.org/view.php?id=CVE-2008-4636
27 Nov 2008 — yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. yast2-backup de 2.14.2 a 2.16.6 en SUSE Linux y Novell Linux permite a usuarios locales obtener privilegios a través de metacaracteres de consola en nombres de archivos usados por el proceso de copia de respaldo. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •