CVSS: 6.5EPSS: 67%CPEs: 58EXPL: 0CVE-2016-0777 – OpenSSH: Client Information leak due to use of roaming connection feature
https://notcve.org/view.php?id=CVE-2016-0777
14 Jan 2016 — The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. La función resend_bytes en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en versiones anteriores a 7.1p2 permite a servidores remotos obtener información sensible desde la memoria de proceso mediante la petición de transmisión de un bu... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-682: Incorrect Calculation •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0CVE-2014-2537
https://notcve.org/view.php?id=CVE-2014-2537
18 Mar 2014 — Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Fuga de memoria en la pila TCP en el kernel en Sophos UTM anterior a 9.109 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de vectores no especificados. • http://blogs.sophos.com/2014/02/20/utm-up2date-9-109 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 1CVE-2012-3238
https://notcve.org/view.php?id=CVE-2012-3238
09 Jul 2012 — Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente Backup/Restore en WebAdmin en Astaro Security Gateway anteriores a v8.305, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo "Comment (opcional)". • http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •