Page 12 of 312 results (0.012 seconds)

CVSS: 4.1EPSS: 0%CPEs: 10EXPL: 0

CVE-2013-4475 – samba: no access check verification on stream files

https://notcve.org/view.php?id=CVE-2013-4475

Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS). Samba 3.x anteriores a 3.6.20, 4.0.x anteriores a 4.0.11, y 4.1.x anteriores a 4.1.1, cuando vfs_streams_depot o vfs_streams_xattr está activo, permite a atacantes remotos sortear restricciones de fichero aprovechando diferencias en las ACL entre un fichero un "alternate data stream" (ADS) asociado. • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00083.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00115.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00117.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html http://rhn.redhat.com/errata/RHSA-2013-1806.html http://rhn.redhat.com/errata • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 2%CPEs: 7EXPL: 0

CVE-2013-4560

https://notcve.org/view.php?id=CVE-2013-4560

Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. Vulnerabilidad de uso después de liberación en lighttpd anterior a la versión 1.4.33 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación y caída) a través de vectores que desencadenen fallos FAMMonitorDirectory. • http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt http://jvn.jp/en/jp/JVN37417423/index.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html http://marc.info/?l=bugtraq&m=141576815022399&w=2 http://secunia.com/advisories/55682 http://www.openwall.com/lists/oss-security/2013/11/12/4 https://www.debian.org/security/2013/dsa-2795 • CWE-416: Use After Free •

CVSS: 7.6EPSS: 1%CPEs: 7EXPL: 0

CVE-2013-4559

https://notcve.org/view.php?id=CVE-2013-4559

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. lighttpd anterior a la versión 1.4.33 no comprueba el valor de vuelta de (1) setuid, (2) setgid, o (3) setgroups, lo que podría causar que lighttpd se ejecute bajo administrador si es reiniciado y permitir a atacantes remotos obtener privilegios, tal y como se demostró con múltiples llamadas a la función de clonado que provocó que setuid fallara cuando el límite de proceso de usuario era alcanzado. • http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt http://jvn.jp/en/jp/JVN37417423/index.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html http://marc.info/?l=bugtraq&m=141576815022399&w=2 http://secunia.com/advisories/55682 http://www.openwall.com/lists/oss-security/2013/11/12/4 https://kc.mcafee.com/corporate/index?page=content&id=SB10310 https://www.debian.org/security/2013/dsa-2795 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2013-4508

https://notcve.org/view.php?id=CVE-2013-4508

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. lighttpd anteriores a 1.4.34, cuando SNI esta habilitado, configura cifrados SSL débiles, lo que hace más fácil para un atacante remoto secuestrar sesiones insertando paquetes en el flujo de datos cliente-servidor u obtener información sensible capturando la red. • http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt http://jvn.jp/en/jp/JVN37417423/index.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html http://marc.info/?l=bugtraq&m=141576815022399&w=2 http://openwall.com/lists/oss-security/2013/11/04/19 http://redmine.lighttpd.net/issues/2525 http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff https://www.debian.org/security/2013/dsa-2795 • CWE-326: Inadequate Encryption Strength •

CVSS: 4.0EPSS: 0%CPEs: 15EXPL: 0

CVE-2013-3839 – mysql: unspecified DoS related to Optimizer (CPU October 2013)

https://notcve.org/view.php?id=CVE-2013-3839

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Vulnerabilidad no especificada en el componente MySQL Server de Oracle MySQL 5.1.70 y anteriores, 5.5.32 y anteriores y 5.6.12 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Optimizer. • http://rhn.redhat.com/errata/RHSA-2014-0173.html http://rhn.redhat.com/errata/RHSA-2014-0186.html http://rhn.redhat.com/errata/RHSA-2014-0189.html http://secunia.com/advisories/55291 http://security.gentoo.org/glsa/glsa-201409-04.xml http://www.debian.org/security/2013/dsa-2780 http://www.debian.org/security/2013/dsa-2818 http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http:/&#x •