CVSS: 7.5EPSS: 40%CPEs: 45EXPL: 2CVE-2016-2183 – SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
https://notcve.org/view.php?id=CVE-2016-2183
01 Sep 2016 — The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. Los cifrados DES y Triple DES, como se usan en los protocolos TLS, SSH e IPSec y otros protocolos y productos, tienen ... • https://packetstorm.news/files/id/142756 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 18%CPEs: 19EXPL: 0CVE-2016-2381 – Gentoo Linux Security Advisory 201701-75
https://notcve.org/view.php?id=CVE-2016-2381
02 Mar 2016 — Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. Perl podría permitir a atacantes dependientes de contexto eludir los mecanismos de protección taint en un proceso hijo a través de variables de entorno duplicadas en envp. Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears... • http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4921
https://notcve.org/view.php?id=CVE-2015-4921
21 Jan 2016 — Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors. Vulnerabilidad no especificada en el componente Database Vault en Oracle Database Server 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios remotos autenticados afectar a la integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4923
https://notcve.org/view.php?id=CVE-2015-4923
21 Jan 2016 — Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente XML Developer's Kit for C en Oracle Database Server 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0461
https://notcve.org/view.php?id=CVE-2016-0461
21 Jan 2016 — Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente XDB - XML Database en Oracle Database Server 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0467
https://notcve.org/view.php?id=CVE-2016-0467
21 Jan 2016 — Unspecified vulnerability in the Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors. Vulnerabilidad no especificada en el componente Security en Oracle Database Server 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios remotos autenticados afectar a la integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0472
https://notcve.org/view.php?id=CVE-2016-0472
21 Jan 2016 — Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality and availability via unknown vectors. Vulnerabilidad no especificada en el componente XDB - XML Database en Oracle Database Server 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios remotos autenticados afectar a la confidencialidad y la disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 9.9EPSS: 1%CPEs: 3EXPL: 0CVE-2016-0499
https://notcve.org/view.php?id=CVE-2016-0499
21 Jan 2016 — Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4794. Vulnerabilidad no especificada en el componente Java VM en Oracle Database Server 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios remotos autenticados afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores desconoc... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4888
https://notcve.org/view.php?id=CVE-2015-4888
21 Oct 2015 — Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4796. Vulnerabilidad no especificada en el componente Java VM en Oracle Database Server 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios remotos autenticados afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos, ... • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-4857
https://notcve.org/view.php?id=CVE-2015-4857
21 Oct 2015 — Unspecified vulnerability in the RDBMS component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Vulnerabilidad no especificada en el componente RDBMS en Oracle Database Server 12.1.0.1 y 12.1.0.2 permite a usuarios remotos autenticados afectar a la confidencialidad e integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html •