CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-32831
https://notcve.org/view.php?id=CVE-2023-32831
02 Jan 2024 — In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868. En el controlador WLAN, existe una posible vulneración del PIN debido al uso de valores insuficientemente aleatorios. • https://corp.mediatek.com/product-security-bulletin/January-2024 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 2%CPEs: 17EXPL: 0CVE-2018-1517 – JDK: DoS in the java.math component
https://notcve.org/view.php?id=CVE-2018-1517
20 Aug 2018 — A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681. Un fallo en el componente java.math en IBM SDK, Java Technology Edition 6.0, 7.0 y 8.0 podría permitir que un atacante inflija un ataque de denegación de servicio (DoS) con datos String especialmente manipulados. IBM X-Force ID: 141681. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Envir... • http://www.ibm.com/support/docview.wss?uid=ibm10719653 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 8%CPEs: 32EXPL: 0CVE-2016-0363 – JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix
https://notcve.org/view.php?id=CVE-2016-0363
30 Apr 2016 — The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 5%CPEs: 37EXPL: 0CVE-2016-0264 – JDK: buffer overflow vulnerability in the IBM JVM
https://notcve.org/view.php?id=CVE-2016-0264
30 Apr 2016 — Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP25 (6.0.16.25), 6 R1 en versiones anteriores a SR8 FP25 (6.1.8.25), 7 ... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 23%CPEs: 34EXPL: 0CVE-2016-0376 – JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
https://notcve.org/view.php?id=CVE-2016-0376
30 Apr 2016 — The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSin... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2015-5006 – JDK: local disclosure of kerberos credentials cache
https://notcve.org/view.php?id=CVE-2015-5006
23 Nov 2015 — IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. IBM Java Security Components en IBM SDK, Java Technology Edition 8 en versiones anteriores a SR2, 7 R1 en versiones anteriores a SR3 FP20, 7 en versiones anteriores a SR9 FP20, 6 R1 en versiones anteriores a SR8 FP15 y 6 en versiones an... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 0CVE-2015-1931 – JDK: plain text data stored in memory dumps
https://notcve.org/view.php?id=CVE-2015-1931
22 Jul 2015 — IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. IBM Java Security Components en IBM SDK, Java Technology Edition 8 versiones anteriores a SR1 FP10, 7 R1 anteriores a SR3 FP10, 7 anteriores a SR9 FP10, 6 R1 anteriores a SR8 FP7, 6 anteriores a SR16 ... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.8EPSS: 3%CPEs: 27EXPL: 0CVE-2015-0192 – JDK: unspecified Java sandbox restrictions bypass
https://notcve.org/view.php?id=CVE-2015-0192
13 May 2015 — Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. Vulnerabilidad no especificada en IBM Java 8 anterior a SR1, 7 R1 anterior a SR2 FP11, 7 anterior a SR9, 6 R1 anterior a SR8 FP4, 6 anterior a SR16 FP4, y 5.0 anterior a SR16 FP10 permite a atacantes remotos ganar privilegios a través de vectores desconocidos... • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html •
CVSS: 10.0EPSS: 0%CPEs: 160EXPL: 0CVE-2015-2808 – SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
https://notcve.org/view.php?id=CVE-2015-2808
01 Apr 2015 — The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. El algoritmo RC4, utilizado en el protocolo TLS y el prot... • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.0EPSS: 97%CPEs: 147EXPL: 6CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
15 Oct 2014 — The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocid... • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •