CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4284 – cumin: Denial of service due to improper handling of certain Ajax requests
https://notcve.org/view.php?id=CVE-2013-4284
Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request. Cumin, tal como se usa en Red Hat Enterprise MRG 2.4, permite a atacantes remotos provocar una denegación de servicio (CPU y consumo de memoria) a través de una petición de actualización Ajax manipulada. • http://rhn.redhat.com/errata/RHSA-2013-1294.html http://rhn.redhat.com/errata/RHSA-2013-1295.html http://www.securitytracker.com/id/1029122 https://access.redhat.com/security/cve/CVE-2013-4284 https://bugzilla.redhat.com/show_bug.cgi?id=986214 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4255 – condor: condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED
https://notcve.org/view.php?id=CVE-2013-4255
The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job. La política de definición evaluadora en Condor 7.5.4, 8.0.0, y versiones anteriores no trata correctamente los atributos de una (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, o (5) KILL política que evalua un estado No Configurado, Indefinido o estado de error, lo que permite a los usuarios remotos autenticados causar una denegación de servicio (salida condor_startd) a través de un trabajo manipulad • http://rhn.redhat.com/errata/RHSA-2013-1171.html http://rhn.redhat.com/errata/RHSA-2013-1172.html https://bugzilla.redhat.com/show_bug.cgi?id=919401 https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1786 https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=3829 https://access.redhat.com/security/cve/CVE-2013-4255 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 17EXPL: 0CVE-2013-1909 – python-qpid: client does not validate qpid server TLS/SSL certificate
https://notcve.org/view.php?id=CVE-2013-1909
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. El cliente Python en Apache Qpid anterior a v2.2 no verifica que el nombre del servidor coincide con un nombre de dominio en el nombre común del sujeto (CN) o el campo subjectAltName del certificado X.509, permitiendo a los atacantes de hombre-en-medio (man-in-the-middle) falsificar servidores SSL mediante un certificado válido de su elección. • http://qpid.apache.org/releases/qpid-0.22/release-notes.html http://rhn.redhat.com/errata/RHSA-2013-1024.html http://secunia.com/advisories/53968 http://secunia.com/advisories/54137 http://svn.apache.org/viewvc?view=revision&revision=1460013 https://issues.apache.org/jira/browse/QPID-4918 https://access.redhat.com/security/cve/CVE-2013-1909 https://bugzilla.redhat.com/show_bug.cgi?id=928530 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 259EXPL: 1CVE-2013-2164 – Kernel: information leak in cdrom driver
https://notcve.org/view.php?id=CVE-2013-2164
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. La función mmc_ioctl_cdrom_read_data en drivers/cdrom/cdrom.c en el kernel de Linux hasta v3.10 permite a usuarios locales obtener información sensible de la memoria del kernel a través de operaciones de lectura en una unidad de CD-ROM que no funcione correctamente • http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2 http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://rhn.redhat.com/errata/RHSA-2013-1166.html http://rhn.redhat.com/errata/RHSA-2013-1645.html http://www.debian.org/security/2013/dsa-2766 h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 2CVE-2013-3301 – Linux Kernel 3.2.1 - Tracing Multiple Local Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-3301
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. La implementacion ftrace en Linux Kernel anterior a v3.8.8 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) o posiblemente tener otro impacto no especificado a través del aprovechamiento de la capacidad CAP_SYS_ADMIN para el acceso de escritura a los ficheros (1) set_ftrace_pid o (2) set_graph_function y luego hacer una llamada al sistema "lseek". • https://www.exploit-db.com/exploits/38465 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6a76f8c0ab19f215af2a3442870eeb5f0e81998d http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html http://rhn.redhat.com/errata/RHSA-2013-1051.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.8 http://www.openwall.com/lists/oss-security/2013/04/15/1 http:// • CWE-476: NULL Pointer Dereference •