Przykłady dla Common Weakness Enumeration - CXSecurity.com

	Tytuł	Data	Autor
Low	Apache Tomcat Local bypass of security manger file permissions	12.02.2011	Tomcat security team
High	Ghostscript 8.64 executes random code at startup	22.07.2010	ne01026
Low	Skype extension for Firefox BETA 2.2.0.95 Clipboard Writing Vulnerability	23.12.2008	irk4z
High	Scripteen Free Image Hosting Script 1.2 (cookie) Pass Grabber Exploit	20.07.2008	RMx - Liz0zim
High	Unauthorized reading confirmation from Outlook	07.07.2008	Augusto Paes de Barros

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2014-06-14

Medium

CVE-2014-0186

Vendor: Redhat
Software: Enterprise linux

A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression.

2014-04-27

Medium

CVE-2011-3603

Vendor: Litech
Software: Router adver...

The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact.

2014-02-17

Medium	CVE-2014-0627	Vendor: EMC Software: Rsa bsafe ssl-j	The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
Medium	CVE-2014-0626	Vendor: EMC Software: Rsa bsafe ssl-j	The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.
Medium	CVE-2014-0625	Vendor: EMC Software: Rsa bsafe ssl-j	The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.

2014-02-06

High

CVE-2013-6486

Vendor: Pidgin
Software: Pidgin

gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185.

2014-01-27

Low

CVE-2014-1604

Vendor: Python
Software: RPLY

The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.

2014-01-17

Low

CVE-2014-1208

Vendor: Vmware
Software: Fusion

VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port.

2013-12-24

Low

CVE-2012-6617

Vendor: Ffmpeg
Software: Ffmpeg

The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.

2013-12-14

Low

CVE-2013-4520

Vendor: Xmlsoft
Software: Libxslt

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

Copyright 2024, cxsecurity.com