Page 11 of 312 results (0.022 seconds)

CVSS: 5.0EPSS: 35%CPEs: 5EXPL: 1

CVE-2013-6890 – DenyHosts - 'regex.py' Remote Denial of Service

https://notcve.org/view.php?id=CVE-2013-6890

denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. denyhosts v2.6 utiliza una expresión regular incorrecta al analizar los registros de autenticación, , lo cual permite a atacantes remotos causar una denegación de servicio (secuencia incorrecta de direcciones IP) a través de nombres de inicio de sesión manipulados. • https://www.exploit-db.com/exploits/38909 http://seclists.org/oss-sec/2013/q4/535 http://secunia.com/advisories/56239 http://www.debian.org/security/2013/dsa-2826 https://bugzilla.redhat.com/show_bug.cgi?id=1045982 • CWE-287: Improper Authentication •

CVSS: 7.4EPSS: 0%CPEs: 9EXPL: 0

CVE-2013-6424 – xorg-x11-server: integer underflow when handling trapezoids

https://notcve.org/view.php?id=CVE-2013-6424

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Underflow de entero en la macro xTrapezoidValid en render/picture.h de X.Org permite a atacantes dependientes de contexto causar una denegación de servicio (crash) a través de un valor mínimo negativo . • http://lists.opensuse.org/opensuse-updates/2013-12/msg00127.html http://lists.x.org/archives/xorg-devel/2013-October/037996.html http://rhn.redhat.com/errata/RHSA-2013-1868.html http://www.debian.org/security/2013/dsa-2822 http://www.openwall.com/lists/oss-security/2013/12/03/8 http://www.openwall.com/lists/oss-security/2013/12/04/8 http://www.ubuntu.com/usn/USN-2500-1 https://bugs.freedesktop.org/show_bug.cgi?id=67484 https://bugs.launchpad.net/ubuntu&# • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 6.8EPSS: 1%CPEs: 20EXPL: 0

CVE-2013-6425 – pixman: integer underflow when handling trapezoids

https://notcve.org/view.php?id=CVE-2013-6425

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Desbordamiento de entero en la macro pixman_trapezoid_valid en pixman.h de Pixman anteriores a 0.32.0, utilizado en el servidor X.Org y cairo, permite a atacantes dependientes de contexto causar una denegación de servicio (crash) a través de un valor mínimo negativo. • http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c http://lists.freedesktop.org/archives/pixman/2013-November/003109.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00005.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00008.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00097.html http://rhn.redhat.com/errata/RHSA-2013-1869.html http://www.debian.org/security/2013&#x • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 7.5EPSS: 1%CPEs: 45EXPL: 0

CVE-2013-6410

https://notcve.org/view.php?id=CVE-2013-6410

nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file. nbd-server en Network Block Device (nbd) anteriores a 3.5 no comprueba correctamente direcciones IP, lo cual podría permitir a atacantes remotos sortear restricciones de acceso intencionadas a través de una dirección IP con una coincidencia parcial en el fichero de configuración authfile. • http://sourceforge.net/mailarchive/forum.php?thread_name=529BAA58.2080401%40uter.be&forum_name=nbd-general http://www.debian.org/security/2013/dsa-2806 http://www.openwall.com/lists/oss-security/2013/11/29/4 http://www.securityfocus.com/bid/64002 http://www.ubuntu.com/usn/USN-2676-1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 59%CPEs: 15EXPL: 0

CVE-2013-6712 – php: heap-based buffer over-read in DateInterval

https://notcve.org/view.php?id=CVE-2013-6712

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. La función de análisis en ext/date/lib/parse_iso_intervals.c de PHP hasta la versión 5.5.6 no restringe adecuadamente la creación de objetos DateInterval, lo que podría permitir a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) a través de una especificación de intervalo manipulada. A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=12fe4e90be7bfa2a763197079f68f5568a14e071 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://www.debian.org/security/2013/dsa-2816 http://www.ubuntu.com/usn/USN-2055-1 https://bugs.php.net/bug.php?id=66060 https://h20564&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •