CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2019-13730 – chromium-browser: Type Confusion in V8
https://notcve.org/view.php?id=CVE-2019-13730
10 Dec 2019 — Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en JavaScript en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.79. Issues... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.9EPSS: 10%CPEs: 51EXPL: 0CVE-2016-6306 – openssl: certificate message OOB reads
https://notcve.org/view.php?id=CVE-2016-6306
22 Sep 2016 — The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. El analizador certificado en OpenSSL en versiones anteriores a 1.0.1u y 1.0.2 en versiones anteriores a 1.0.2i podría permitir a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de operaciones certificadas manipuladas, relacionado con s3_clnt.c y s3_... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 94%CPEs: 147EXPL: 6CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
15 Oct 2014 — The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocid... • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2012-6657 – Kernel: net: guard tcp_set_keepalive against crash
https://notcve.org/view.php?id=CVE-2012-6657
28 Sep 2014 — The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket. La función sock_setsockopt en net/core/sock.c en el kernel de Linux anterior a 3.5.7 no asegura que una acción keepalive está asociada con un socket de flujo, lo que permite a usuarios locales causar una denegación de servicio (caída de... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3e10986d1d698140747fcfc2761ec9cb64c1d582 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 1%CPEs: 18EXPL: 1CVE-2011-4913
https://notcve.org/view.php?id=CVE-2011-4913
21 Jun 2012 — The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket. La función rose_parse_ccitt en la net/rose/rose_subr.c en el kernel de... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 1CVE-2011-4914
https://notcve.org/view.php?id=CVE-2011-4914
21 Jun 2012 — The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket. La implementación del protocolo ROSE en el kernel de Linux anteriores a v2.6.39 no verifica que algunos valores de la longitud de datos son consistentes con la cantidad de datos env... • http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 1CVE-2012-2313 – kernel: unfiltered netdev rio_ioctl access by users
https://notcve.org/view.php?id=CVE-2012-2313
13 Jun 2012 — The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. La función rio_ioctl de drivers/net/ethernet/dlink/dl2k.c del kernel de Linux en versiones anteriores a la 3.3.7 no restringe el acceso al comando SIOCSMIIREG, lo que permite a usuarios locales escribir datos a un adaptador Ethernet a través de una llamada ioctl. Potential vulnerabili... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1bb57e940e1958e40d51f2078f50c3a96a9b2d75 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2011-0988
https://notcve.org/view.php?id=CVE-2011-0988
18 Apr 2011 — pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors. pure-ftpd 1.0.22, tal como se utiliza en SUSE Linux Enterprise Server 10 Service Pack 3 y Service Pack 4, y Enterprise Desktop 10 Service Pack 3 y Service Pack 4, cuando se ejecutan las extensiones OES Netware, crea un directo... • http://secunia.com/advisories/44039 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3912
https://notcve.org/view.php?id=CVE-2010-3912
12 Jan 2011 — The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. La secuencia de comandos en supportconfig en supportutils en el SP3 de SUSE Linux Enterprise v11 Service Pack 1 y 10 no "disfraza contraseñas" en los archivos de configuración, que tiene un impacto y vectores de ataque desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html • CWE-255: Credentials Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2009-1297
https://notcve.org/view.php?id=CVE-2009-1297
23 Oct 2009 — iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name. iscsi_discovery en open-iscsi en SUSE openSUSE versión 10.3 hasta la 11.1 y SUSE Linux Enterprise (SLE) versión 10 SP2 y 11, y otros sistemas operativos, permite a los usuarios locales sobrescribir archivos arbitrarios por medio de un ataqu... • http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •