CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2019-13730 – chromium-browser: Type Confusion in V8
https://notcve.org/view.php?id=CVE-2019-13730
10 Dec 2019 — Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en JavaScript en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.79. Issues... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3172 – unix2_chkpwd do not check for a valid account
https://notcve.org/view.php?id=CVE-2011-3172
08 Jun 2018 — A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12. Una vulnerabilidad en pam_modules de SUSE Linux Enterprise permite a los atacantes iniciar sesión en cuentas que deberían haberse desactivado. Las versiones afectadas son SUSE Linux Enterprise: versiones anteriores a la 12. • https://bugzilla.suse.com/show_bug.cgi?id=707645 • CWE-264: Permissions, Privileges, and Access Controls CWE-304: Missing Critical Step in Authentication •
CVSS: 7.8EPSS: 9%CPEs: 21EXPL: 2CVE-2014-3673 – kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
https://notcve.org/view.php?id=CVE-2014-3673
31 Oct 2014 — The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. La implementación SCTP en el kernel de Linux hasta 3.17.2 permite a atacantes remotos causar una denegación de servicio (caída del sistema) a través de un chunk ASCONF malformado, relacionado con net/sctp/sm_make_chunk.c y net/sctp/sm_statefuns.c. A flaw was found in the way the Linux kern... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9de7922bc709eee2f609cd01d98aaedc4cf5ea74 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 94%CPEs: 147EXPL: 6CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
15 Oct 2014 — The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocid... • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2012-6657 – Kernel: net: guard tcp_set_keepalive against crash
https://notcve.org/view.php?id=CVE-2012-6657
28 Sep 2014 — The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket. La función sock_setsockopt en net/core/sock.c en el kernel de Linux anterior a 3.5.7 no asegura que una acción keepalive está asociada con un socket de flujo, lo que permite a usuarios locales causar una denegación de servicio (caída de... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3e10986d1d698140747fcfc2761ec9cb64c1d582 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 6%CPEs: 27EXPL: 1CVE-2014-1524 – Mozilla: Buffer overflow when using non-XBL object as XBL (MFSA 2014-38)
https://notcve.org/view.php?id=CVE-2014-1524
29 Apr 2014 — The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. La función nsXBLProtoImpl::InstallImplementation en Mozilla Firefox anterior a 29.0, Firefox ESR 24.... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2014-1530 – Mozilla: Cross-site scripting (XSS) using history navigations (MFSA 2014-43)
https://notcve.org/view.php?id=CVE-2014-1530
29 Apr 2014 — The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation. La implementación docshell en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remo... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 1%CPEs: 27EXPL: 1CVE-2014-1531 – Mozilla: Use-after-free in imgLoader while resizing images (MFSA 2014-44)
https://notcve.org/view.php?id=CVE-2014-1531
29 Apr 2014 — Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. Vulnerabilidad de uso después de liberación en la función nsGenericHTMLElement::GetWidthHeightForIma... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2014-1523 – Mozilla: Out of bounds read while decoding JPG images (MFSA-2014-37)
https://notcve.org/view.php?id=CVE-2014-1523
29 Apr 2014 — Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. Desbordamiento de buffer basado en memoria dinámica en la función read_u32 en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remo... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 27EXPL: 9CVE-2014-1518 – Mozilla: Miscellaneous memory safety hazards (rv:24.5) (MFSA 2014-34)
https://notcve.org/view.php?id=CVE-2014-1518
29 Apr 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegador en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html •