CVSS: 6.8EPSS: 2%CPEs: 16EXPL: 0CVE-2013-6393 – libyaml: heap-based buffer overflow when parsing YAML tags
https://notcve.org/view.php?id=CVE-2013-6393
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. La función yaml_parser_scan_tag_uri en scanner.c en LibYAML anterior a 0.1.5 lleva a cabo un "cast" incorrecto, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) y probablemente ejecutar código arbitrario a través de etiquetas manipuladas en YAML. • http://advisories.mageia.org/MGASA-2014-0040.html http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html http://osvdb.org/102716 http://rhn.redhat.com&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.8EPSS: 1%CPEs: 20EXPL: 0CVE-2013-6425 – pixman: integer underflow when handling trapezoids
https://notcve.org/view.php?id=CVE-2013-6425
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Desbordamiento de entero en la macro pixman_trapezoid_valid en pixman.h de Pixman anteriores a 0.32.0, utilizado en el servidor X.Org y cairo, permite a atacantes dependientes de contexto causar una denegación de servicio (crash) a través de un valor mínimo negativo. • http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c http://lists.freedesktop.org/archives/pixman/2013-November/003109.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00005.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00008.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00097.html http://rhn.redhat.com/errata/RHSA-2013-1869.html http://www.debian.org/security/2013&#x • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2013-4587
https://notcve.org/view.php?id=CVE-2013-4587
Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. Error de índice de array en la función kvm_vm_ioctl_create_vcpu en virt/kvm/kvm_main.c en el subsistema de KVM en el kernel de Linux hasta la versión 3.12.5 que permite a usuarios locales conseguir privilegios a través de un valor grande de id. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338c7dbadd2671189cec7faf64c84d01071b3f96 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html http://www.openwall.com/lists/oss-security/2013/12/12/12 http://www.ubuntu.com/usn/USN-2109-1 http://www.ubuntu.com/usn/USN-2110-1 http://www.ub • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 1%CPEs: 228EXPL: 0CVE-2013-5611
https://notcve.org/view.php?id=CVE-2013-5611
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. Mozilla Firefox anterior a la versión 26.0 no elimina adecuadamente el doorhanger de la aplicación de instalación, lo que hace más sencillo para atancates remotos falsificar un sitio de instalación Web App mediante el control del tiempo de navegación por páginas. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html http:&#x •
CVSS: 7.5EPSS: 95%CPEs: 81EXPL: 2CVE-2013-6420 – PHP - 'openssl_x509_parse()' Memory Corruption
https://notcve.org/view.php?id=CVE-2013-6420
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. La función asn1_time_to_time_t en ext / openssl / openssl.c en PHP anterior a 5.3.28, 5.4.x aterior a 5.4.23 y 5.5.x anterior de 5.5.7 no trata correctamente las marcas de tiempo (timestamps) (1) notBefore y (2) notAfter en certificados X 0.509 , lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un certificado manipulado que no está tratado adecuadamente por la función openssl_x509_parse. The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer. This problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution. • https://www.exploit-db.com/exploits/30395 http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c1224573c773b6845e83505f717fbf820fc18415 http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html http://rhn.redhat.com/errata/RHSA-2013-1813.html http://rhn.redhat.com/errata/RHSA-2013-1815.html http://rhn.redhat.com/errata/RHSA • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •