CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| Low | Apache Tomcat Local bypass of security manager file permissions | 12.02.2011 | Tomcat security team |
| High | Ghostscript 8.64 executes random code at startup | 22.07.2010 | ne01026 |
| Low | Skype extension for Firefox BETA 2.2.0.95 Clipboard Writing Vulnerability | 23.12.2008 | irk4z |
| High | Scripteen Free Image Hosting Script 1.2 (cookie) Pass Grabber Exploit | 20.07.2008 | RMx - Liz0zim |
| High | Unauthorized reading confirmation from Outlook | 07.07.2008 | Augusto Paes de Barros |


Common Weakness Enumeration (CWE)

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2014-06-14 | Medium | CVE-2014-0186 | Vendor: Redhat; Software: Enterprise linux | A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression. |
| 2014-04-27 | Medium | CVE-2011-3603 | Vendor: Litech; Software: Router adver... | The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact. |
| 2014-02-17 | Medium | CVE-2014-0627 | Vendor: EMC; Software: Rsa bsafe ssl-j | The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state. |
| | Medium | CVE-2014-0626 | Vendor: EMC; Software: Rsa bsafe ssl-j | The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated. |
| | Medium | CVE-2014-0625 | Vendor: EMC; Software: Rsa bsafe ssl-j | The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered. |
| 2014-02-06 | High | CVE-2013-6486 | Vendor: Pidgin; Software: Pidgin | gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. |
| 2014-01-27 | Low | CVE-2014-1604 | Vendor: Python; Software: RPLY | The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name. |
| 2014-01-17 | Low | CVE-2014-1208 | Vendor: Vmware; Software: Fusion | VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port. |
| 2013-12-24 | Low | CVE-2012-6617 | Vendor: Ffmpeg; Software: Ffmpeg | The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format. |
| 2013-12-14 | Low | CVE-2013-4520 | Vendor: Xmlsoft; Software: Libxslt | xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. |
 

 


Copyright 2024, cxsecurity.com

 
