CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-1425
https://notcve.org/view.php?id=CVE-2013-1425
ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. ldap-git-backup versiones anteriores a 1.0.4, expone hashes de contraseña debido a permisos de directorio incorrectos. • https://github.com/elmar/ldap-git-backup/commit/a90f3217fce87962db82d212f73af70693087124 https://security-tracker.debian.org/tracker/CVE-2013-1425 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1096253.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2010-2450
https://notcve.org/view.php?id=CVE-2010-2450
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. El script keygen.sh en Shibboleth SP 2.0 (ubicado en /usr/local/etc/shibboleth por defecto) utiliza OpenSSL para crear una clave privada DES que es colocada en el archivo sp-key.pm. Se basa en la umask root (predeterminado 22) en lugar de chmoding del archivo resultante en sí mismo, por lo que la clave privada generada es de tipo world readable por defecto. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571631 https://security-tracker.debian.org/tracker/CVE-2010-2450 https://todos.internet2.edu/browse/SSPCPP-106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 2CVE-2012-0051
https://notcve.org/view.php?id=CVE-2012-0051
Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval. Tahoe-LAFS versión 1.9.0, no garantiza la integridad lo que permite a atacantes remotos corromper archivos o directorios mutables tras recuperarlos. • http://www.openwall.com/lists/oss-security/2012/01/15/11 http://www.openwall.com/lists/oss-security/2012/01/26/7 http://www.openwall.com/lists/oss-security/2012/01/26/8 http://www.openwall.com/lists/oss-security/2012/01/26/9 https://security-tracker.debian.org/tracker/CVE-2012-0051 https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1654 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2019-18809 – kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c
https://notcve.org/view.php?id=CVE-2019-18809
A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. Una pérdida de memoria en la función af9005_identify_state() en el archivo drivers/media/usb/dvb-usb/af9005.c en el kernel de Linux versiones hasta 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-2289adbfa559. A flaw was found in the Afatech 9005 DVB-T receiver driver in the Linux kernel. An attacker, with physical access to the system, could cause the system to crash following a resource cleanup. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://github.com/torvalds/linux/commit/2289adbfa559050d2a38bcd9caac1c18b800e928 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP https://security.netapp.com/advisory/ntap-20191205-0001 https://usn • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 2CVE-2019-18804
https://notcve.org/view.php?id=CVE-2019-18804
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. DjVuLibre versión 3.5.27, presenta una desreferencia del puntero NULL en la función DJVU::filter_fv en el archivo IW44EncodeCodec.cpp. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00069.html https://github.com/TeamSeri0us/pocs/blob/master/djvulibre/DJVU__filter_fv%40IW44EncodeCodec.cpp_499-43___SEGV_UNKNOW.md https://lists.debian.org/debian-lts-announce/2019/11/msg00004.html https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AW • CWE-476: NULL Pointer Dereference •