CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2012-4385 – letodms 3.3.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4385
letodms 3.3.6 has CSRF via change password letodms versión 3.3.6, tiene una vulnerabilidad de tipo CSRF mediante el cambio de contraseña. • https://www.exploit-db.com/exploits/20759 http://www.openwall.com/lists/oss-security/2012/08/31/19 https://security-tracker.debian.org/tracker/CVE-2012-4385 https://vulmon.com/exploitdetails?qidtp=EDB&qid=20759 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2012-4384 – letodms 3.3.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4384
letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar letodms tiene múltiples problemas de tipo XSS: XSS Reflejado en la Página Login, XSS Almacenado en el nombre Document Owner/User, XSS Almacenado en el Calendario. • https://www.exploit-db.com/exploits/20759 http://www.openwall.com/lists/oss-security/2012/08/31/19 https://security-tracker.debian.org/tracker/CVE-2012-4384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 117EXPL: 0CVE-2019-11139
https://notcve.org/view.php?id=CVE-2019-11139
Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. Una comprobación de condiciones inapropiadas en la interfaz de modulación de voltaje para algunos Intel® Xeon® Scalable Processors, puede habilitar a un usuario privilegiado para permitir potencialmente una denegación de servicio por medio de un acceso local. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html https://seclists.org/bugtraq/2019/Dec/28 https://support.f5.com/csp/article/K42433061?utm_source=f5support&%3Butm_medium=RSS https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03969en_us https://www.intel.com/content/www/us/en/security- • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 324EXPL: 0CVE-2019-11135 – hw: TSX Transaction Asynchronous Abort (TAA)
https://notcve.org/view.php?id=CVE-2019-11135
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Una condición de tipo TSX Asynchronous Abort en algunas CPU que utilizan ejecución especulativa puede habilitar a un usuario autenticado para permitir potencialmente una divulgación de información por medio de un canal lateral con acceso local. A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing. Intel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/12/10/3 http://www.openwall.com/lists/oss-security/2019/12/10/4 http://www.openwall.com/lists/oss-security/2019/12 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2010-3440
https://notcve.org/view.php?id=CVE-2010-3440
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. babiloo versión 2.0.9 anteriores a 2.0.11, crea archivos temporales con nombres predecibles cuando se c, permitiendo a un atacante local sobrescribir archivos arbitrarios. • https://access.redhat.com/security/cve/cve-2010-3440 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591995 https://security-tracker.debian.org/tracker/CVE-2010-3440 • CWE-494: Download of Code Without Integrity Check •