CVSS: 5.3EPSS: 5%CPEs: 17EXPL: 0CVE-2015-1819 – libxml2: denial of service processing a crafted XML document
https://notcve.org/view.php?id=CVE-2015-1819
07 Jul 2015 — The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Vulnerabilidad en el xmlreader en libxml, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de datos XML manipulados, relacionada con un ataque XML Entity Expansión (XEE). A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2004-2765
https://notcve.org/view.php?id=CVE-2004-2765
28 Jan 2010 — Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Webmail en Sun ONE Messaging Server v6.1 e iPlanet Messaging Server v5.2 anterior a 5.2hf2.02, cuando se u... • http://sunsolve.sun.com/search/document.do?assetkey=1-21-116568-56-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2004-2766
https://notcve.org/view.php?id=CVE-2004-2766
28 Jan 2010 — Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486. Webmail en Sun ONE Messaging Server v6.1 y iPlanet Messaging Server v5.2 anteriores a v5.2hf2.02 permite a atacantes remotos obtener "acceso" inespecífico al correo electrónico a través de un mensaje de correo electrónico m... • http://sunsolve.sun.com/search/document.do?assetkey=1-21-116568-55-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 92%CPEs: 35EXPL: 3CVE-2008-1447 – BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning
https://notcve.org/view.php?id=CVE-2008-1447
08 Jul 2008 — The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." El... • https://www.exploit-db.com/exploits/6122 • CWE-331: Insufficient Entropy •
CVSS: 6.1EPSS: 2%CPEs: 64EXPL: 0CVE-2008-2808 – Firefox file location escaping flaw
https://notcve.org/view.php?id=CVE-2008-2808
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10 no escapan correctamente el HTML en listados de directorios file:// URLs, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) o te... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 23%CPEs: 15EXPL: 3CVE-2008-1767 – libxslt XSL 1.1.23 - File Processing Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1767
23 May 2008 — Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. Vulnerabilidad de desbordamiento de búfer en pattern.c en libxslt anteriores a 1.1.24, permiten a atacantes, dependiendo del contexto, provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de ... • https://www.exploit-db.com/exploits/31815 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 11%CPEs: 14EXPL: 1CVE-2008-1419 – vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow
https://notcve.org/view.php?id=CVE-2008-1419
16 May 2008 — Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. Xiph.org libvorbis 1.2.0 y versiones anteriores no maneja apropiadamente un valor cero de codebook.dim, lo cual permite a atacantes remotos provocar una denegación de servicio (caída o bucle infinito) o disparar un desbordamiento de entero. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 6%CPEs: 14EXPL: 0CVE-2008-1420 – vorbis: integer overflow in partvals computation
https://notcve.org/view.php?id=CVE-2008-1420
16 May 2008 — Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. Desbordamiento de entero en la evaluación de valores en la partición de residuos (también conocido como partvals) en Xiph.org libvorbis 1.2.0 y versiones anteriores permite a atacantes remotos ejecutar código de su elección a través de ficheros OGG manipulados, lo cual dispara un desbordamiento ... • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 6%CPEs: 13EXPL: 0CVE-2008-1423 – vorbis: integer oveflow caused by huge codebooks
https://notcve.org/view.php?id=CVE-2008-1423
16 May 2008 — Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow. Desbordamiento de entero en ciertos cálculos quantvals y quantlist de Xiph.org libvorbis 1.2.0 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elecc... • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 11%CPEs: 51EXPL: 0CVE-2007-5116 – perl regular expression UTF parsing errors
https://notcve.org/view.php?id=CVE-2007-5116
07 Nov 2007 — Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. Desbordamiento de búfer en el soporte opcode polimórfico del Motor de Expresiones Regulares (regcomp.c) en Perl 5.8 permite a atacantes dependientes de contexto ejecutar código de su elección cambiando de byte a caracteres Unicode (UTF) en una expresión regular. Multi... • ftp://aix.software.ibm.com/aix/efixes/security/README • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •