
CVE-2023-30903
https://notcve.org/view.php?id=CVE-2023-30903
16 Jun 2023 — HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6. • https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbux04474en_us • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2016-2776 – ISC BIND 9 - Denial of Service
https://notcve.org/view.php?id=CVE-2016-2776
28 Sep 2016 — buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. • https://packetstorm.news/files/id/180551 • CWE-20: Improper Input Validation • CWE-617: Reachable Assertion •

CVE-2016-2775 – bind: Too long query name causes segmentation fault in lwresd
https://notcve.org/view.php?id=CVE-2016-2775
19 Jul 2016 — ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. • http://www.securityfocus.com/bid/92037 • CWE-20: Improper Input Validation •

CVE-2015-4000 – LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
https://notcve.org/view.php?id=CVE-2015-4000
21 May 2015 — The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. • https://github.com/fatlan/HAProxy-Keepalived-Sec-HighLoads • CWE-310: Cryptographic Issues • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2014-7810 – Tomcat/JbossWeb: security manager bypass via EL expressions
https://notcve.org/view.php?id=CVE-2014-7810
14 May 2015 — The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. • http://marc.info/?l=bugtraq&m=145974991225029&w=2 • CWE-284: Improper Access Control •

CVE-2014-7879 – HP Security Bulletin HPSBUX03166 SSRT101489 1
https://notcve.org/view.php?id=CVE-2014-7879
26 Nov 2014 — HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors. A potential security vulnerability has been identified i... • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04511778 • CWE-287: Improper Authentication •

CVE-2014-7877 – HP Security Bulletin HPSBUX03159 SSRT101785 2
https://notcve.org/view.php?id=CVE-2014-7877
29 Oct 2014 — Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. A potential security vulnerability has been identified in the HP-UX kernel. This vulnerability could allow local users to create a Denial of Service. Revision 2 of this advisory. • http://secunia.com/advisories/61196 •

CVE-2014-7874 – HP Security Bulletin HPSBUX03139 SSRT101608
https://notcve.org/view.php?id=CVE-2014-7874
15 Oct 2014 — Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. A potent... • http://secunia.com/advisories/60945 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2014-2490 – Oracle Java ResourceBundle Format String Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2490
16 Jul 2014 — Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. This vulnerability allows remote attackers to execute arbitrary code on vul... • http://marc.info/?l=bugtraq&m=140852886808946&w=2 • CWE-134: Use of Externally-Controlled Format String •

CVE-2013-6219 – HP Security Bulletin HPSBUX03001 SSRT101382
https://notcve.org/view.php?id=CVE-2013-6219
16 Apr 2014 — Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors. A potential security vulnerability has been identified with the HP-UX Whitelisting (WLI) product. The vulnerability could... • https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04227671 •