Page 12 of 81 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2012-4462 – condor: DoS when removing jobs via jobcontrol.py when job id is in square brackets

https://notcve.org/view.php?id=CVE-2012-4462

aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the cproc option. aviary/jobcontrol.py de Condor, es usado en Red Hat Enterprise MRG v2.3, cuando se eliminan tareas, permite a atacantes remotos causar una denegación de servicios (condor_schedd reinicio) a través de corchetes en la opción cproc. • http://rhn.redhat.com/errata/RHSA-2013-0564.html http://rhn.redhat.com/errata/RHSA-2013-0565.html https://bugzilla.redhat.com/show_bug.cgi?id=860850 https://htcondor-git.cs.wisc.edu/?p=condor.git%3Ba=commitdiff%3Bh=8f9b304c4f6c0a98dafa61b2c0e4beb3b70e4c84 https://access.redhat.com/security/cve/CVE-2012-4462 • CWE-20: Improper Input Validation •

CVSS: 6.2EPSS: 0%CPEs: 114EXPL: 2

CVE-2013-1773 – Google Android Kernel 2.6 - Local Denial of Service Crash (PoC)

https://notcve.org/view.php?id=CVE-2013-1773

Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. Desbordamiento de búfer en la implementación del sistema de ficheros VFAT en el kernel de Linux antes de v3.3 que permite a usuarios locales obtener privilegios o causar denegación de servicios por una operación de escritura VFAT en el sistema de ficheros con la opción de montado UTF-8, que no maneja correctamente conversiones de UTF-8 a UTF-16. • https://www.exploit-db.com/exploits/23248 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd http://rhn.redhat.com/errata/RHSA-2013-0744.html http://rhn.redhat.com/errata/RHSA-2013-0928.html http://rhn.redhat.com/errata/RHSA-2013-1026.html http://www.exploit-db.com/exploits/23248 http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.3.bz2 http://www.openwall.com/lists/oss-security/2013/02/26/8&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.0EPSS: 0%CPEs: 176EXPL: 0

CVE-2013-1774 – Kernel: USB io_ti driver NULL pointer dereference in routine chase_port

https://notcve.org/view.php?id=CVE-2013-1774

The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. La función chase_port en drivers/usb/serial/io_ti.c en el kernel de Linux anteriores a v3.7.4 permite a usuarios locales provocar una denegación de servicio (desreferencia puntero NULL y caída del sistema) /dev/ttyUSB a través de un intento de leer o escribir en un convertidor serie Edgeport USB desconectado. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1ee0a224bc9aad1de496c795f96bc6ba2c394811 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html http://rhn.redhat.com/errata/RHSA-2013-0744.html http://www.kernel.org/pub/linux • CWE-264: Permissions, Privileges, and Access Controls CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 1

CVE-2012-2680 – cumin: authentication bypass flaws

https://notcve.org/view.php?id=CVE-2012-2680

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing." Cumin, antes de v0.1.5444, tal y como lo utiliza Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 no restringe adecuadamente el acceso a los recursos, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados relacionados con (1) las páginas web (2) ls funcionalidad de exportación", y (3) la "visualización de imágenes". • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421 http://rhn.redhat.com/errata/RHSA-2012-1278.html http://rhn.redhat.com/errata/RHSA-2012-1281.html http://secunia.com/advisories/50660 http://www.securityfocus.com/bid/55618 https://exchange.xforce.ibmcloud.com/vulnerabilities/78770 https://access.redhat.com/security/cve/CVE-2012-2680 https://bugzilla.redhat.com/show_bug.cgi?id=829421 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 1%CPEs: 21EXPL: 1

CVE-2012-2734 – cumin: CSRF flaw

https://notcve.org/view.php?id=CVE-2012-2734

Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors. Multiples vulnerabilidades de fasificación de peticiones en sitios cruzados (CSRF) en Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime, y Grid 2.0 (MRG) permiten a atacantes remotos secuestrar la autenticación de usuarios de su elección para solicitudes que ejecutan comandos a través de vectores no especificados. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124 http://rhn.redhat.com/errata/RHSA-2012-1278.html http://rhn.redhat.com/errata/RHSA-2012-1281.html http://secunia.com/advisories/50660 http://www.securityfocus.com/bid/55618 https://exchange.xforce.ibmcloud.com/vulnerabilities/78775 https://access.redhat.com/security/cve/CVE-2012-2734 https://bugzilla.redhat.com/show_bug.cgi?id=832124 • CWE-352: Cross-Site Request Forgery (CSRF) •