CVE-2014-2475
https://notcve.org/view.php?id=CVE-2014-2475
Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv). Vulnerabilidad sin especificar en el componente Oracle Secure Global Desktop en Oracle Virtualization 4.63, 4.71, 5.0 y 5.1 permite a atacantes remotos afectar a la disponibilidad a través de vectores relacionados con el servidor proxy SGD (ttaauxserv). • http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securitytracker.com/id/1031034 •
CVE-2014-0230 – tomcat: non-persistent DoS attack by feeding data by aborting an upload
https://notcve.org/view.php?id=CVE-2014-0230
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts. Apache Tomcat 6.x en versiones anteriores a 6.0.44, 7.x en versiones anteriores a 7.0.55 y 8.x en versiones anteriores a 8.0.9 no maneja adecuadamente los casos en los que se produce una respuesta HTTP antes de terminar la lectura de una petición de cuerpo entero, lo que permite a atacantes remotos causar una denegación de servicio (consumo de hilo) a través de una serie de intentos de carga abortada. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made. • http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E http://marc.info/?l=bugtraq&m=144498216801440&w=2 http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://openwall.com/lists/oss-security/2015/04/10/1 http://rhn.redhat.com/errata/RHSA-2015-1621.html http://rhn.redhat.com/errata/RHSA-2015-1622.html http://rhn.redhat.com/errata/RHSA-2015-2661.html http://rhn.redhat.com/errata/RHSA-2016-0595.html http:/ • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2014-4232
https://notcve.org/view.php?id=CVE-2014-4232
Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related to Workspace Web Application, a different vulnerability than CVE-2014-2463. Vulnerabilidad no especificada en el componente Oracle Secure Global Desktop (SGD) en Oracle Virtualization 4.63, 4.71, 5.0 y 5.1 permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Workspace Web Application, una vulnerabilidad diferente a CVE-2014-2463. • http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68606 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94614 •
CVE-2014-2463
https://notcve.org/view.php?id=CVE-2014-2463
Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related to Workspace Web Application, a different vulnerability than CVE-2014-4232. Vulnerabilidad no especificada en el componente Oracle Secure Global Desktop (SGD) en Oracle Virtualization 4.63, 4.71, 5.0 y 5.1 permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Workspace Web Application, una vulnerabilidad diferente a CVE-2014-4232. • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVE-2014-0419
https://notcve.org/view.php?id=CVE-2014-0419
Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization SGD before 4.63 with December 2013 PSU, 4.71, 5.0 with December 2013 PSU, and 5.10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration Console and Workspace Web Applications. Vulnerabilidad no especificada en el componente Oracle Secure Global Desktop (SGD) de Oracle Virtualization SGD anteriores a 4.63 con PSU Diciembre 2013, 4.71; 5.0 con PSU Diciembre 2013; y 5.10 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Administration Console y Workspace Web Applications. • http://osvdb.org/102110 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securityfocus.com/bid/64902 http://www.securitytracker.com/id/1029610 https://exchange.xforce.ibmcloud.com/vulnerabilities/90367 •