CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-13099 – wolfSSL Bleichenbacher/ROBOT
https://notcve.org/view.php?id=CVE-2017-13099
13 Dec 2017 — wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT." wolfSSL en versiones anteriores a la 3.12.2 proporciona un oráculo de Bleichenbacher débil cuando se negocia una suite de cifrado TLS que utiliza un intercambio de claves RSA. Un atacante puede recuperar la clave privada desde una aplicación wolfSSL vul... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt • CWE-203: Observable Discrepancy •
CVSS: 10.0EPSS: 54%CPEs: 54EXPL: 4CVE-2017-14491 – Dnsmasq < 2.78 - 2-byte Heap Overflow
https://notcve.org/view.php?id=CVE-2017-14491
02 Oct 2017 — Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Un desbordamiento de búfer basado en memoria dinámica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegación de servicio (cierre inesperado) o ejecutar código arbitrario utilizando una respuesta DNS manipulada. A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replie... • https://packetstorm.news/files/id/144480 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 3CVE-2016-2031 – Aruba Authentication Bypass / Insecure Transport / Tons of Issues
https://notcve.org/view.php?id=CVE-2016-2031
06 May 2016 — Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. Se presentan múltiples vulnerabilidades en Aruba Instate versiones anteriores a 4.1.3.0 y 4.2.3.1, debido a una comprobación insuficiente de la entrada suministrada por el usuario y una ... • https://packetstorm.news/files/id/136997 • CWE-20: Improper Input Validation •