CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2015-4555
https://notcve.org/view.php?id=CVE-2015-4555
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components. Desbordamiento de buffer en la interfaz administrativa HTTP en TIBCO Rendezvous en versiones anteriores a 8.4.4, Rendezvous Network Server en versiones anteriores a 1.1.1, Substation ES en versiones anteriores a 2.9.0 y Messaging Appliance en versiones anteriores a 8.7.2, permite a atacantes remotos causar una denegación de servicio o posiblemente ejecutar código arbitrario a través de vectores no especificados, relacionado con los componentes Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva) y Relay Agent (rvrad). • http://www.securitytracker.com/id/1033677 http://www.tibco.com/assets/blt18493dc775c50c09/2015-002-advisory.txt http://www.tibco.com/mk/advisory.jsp •
CVSS: 7.5EPSS: 3%CPEs: 12EXPL: 0CVE-2014-2543
https://notcve.org/view.php?id=CVE-2014-2543
Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data. Desbordamiento de buffer en el demonio de Rendezvous (rvd), el demonio de Rendezvous Routing (rvrd), el demonio de Rendezvous Secure (rvsd) y el demonio de Rendezvous Secure Routing (rvsrd) en TIBCO Rendezvous anterior a 8.4.2, Messaging Appliance anterior a 8.7.1 y Substation ES anterior a 2.8.1 permite a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de acceso al cliente conectado directamente y transmitiendo datos manipulados. • http://www.securityfocus.com/bid/66744 http://www.securitytracker.com/id/1030070 http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2014-2541
https://notcve.org/view.php?id=CVE-2014-2541
The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors. El demonio de Rendezvous (rvd), el demonio de Rendezvous Routing (rvrd), el demonio de Rendezvous Secure (rvsd) y el demonio de Rendezvous Secure Routing (rvsrd) en TIBCO Rendezvous anterior a 8.4.2, Messaging Appliance anterior a 8.7.1 y Substation ES anterior a 2.8.1 no implementan debidamente control de acceso, lo que permite a atacantes remotos obtener información sensible o modificar información transmitida a través de vectores no especificados. • http://www.securitytracker.com/id/1030070 http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2014-2542
https://notcve.org/view.php?id=CVE-2014-2542
Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el demonio de Rendezvous (rvd), el demonio de Rendezvous Routing (rvrd), el demonio de Rendezvous Secure (rvsd) y el demonio de Rendezvous Secure Routing (rvsrd) en TIBCO Rendezvous anterior a 8.4.2, Messaging Appliance anterior a 8.7.1 y Substation ES anterior a 2.8.1 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/101873 http://www.securityfocus.com/bid/66737 http://www.securitytracker.com/id/1030070 http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •