CVSS: 4.3EPSS: 4%CPEs: 9EXPL: 1CVE-2013-5018
https://notcve.org/view.php?id=CVE-2013-5018
The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow. La función is_asn1 en strongSwan v4.1.11 hasta v5.0.4 no valida correctamente el valor de retorno de la función asn1_length, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) a través de (1) nombre de usuario XAuth, (2) identidad EAP, o (3) la codificación PEM de un fichero que comienza con los caracteres "0x04, 0x30, o 0x31" seguidos por un valor de tamaño ASN.1 que dispara un desbordamiento de enteros. • http://lists.opensuse.org/opensuse-updates/2013-08/msg00021.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00022.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00050.html http://secunia.com/advisories/54315 http://secunia.com/advisories/54524 http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html http://www.securityfocus.com/bid/61564 https& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0CVE-2013-4238 – python: hostname check bypassing vulnerability in SSL module
https://notcve.org/view.php?id=CVE-2013-4238
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. La función ssl.match_hostname en el módulo SSL en Python v2.6 hasta v3.4 no manejar adecuadamente un carácter “\0” en un nombre de dominio en el campo Subject Alternative Name de un certificado X.509, lo que permite a atacantes "man-in-the-middle" suplantar servidores SSL de su elección mediante un certificado manipulado expedido por una Autoridad Certificadora legítima, un problema relacionado con CVE-2009-2408 • http://bugs.python.org/issue18709 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00042.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00043.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 94%CPEs: 109EXPL: 0CVE-2013-4854 – ISC BIND rdata Denial Of Service Vulnerability
https://notcve.org/view.php?id=CVE-2013-4854
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. La implementación RFC en rdata.c en ISC BIND 9.7.x y 9.8.x anterior a 9.8.5-P2, 9.8.6b1, 9.9.x anterior a 9.9.3-P2, y 9.9.4b1, y DNSco BIND 9.9.3-S1 anterior a 9.9.3-S1-P1 y 9.9.4-S1b1, permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una petición con una sección RDATA manipulada que se maneja adecuadamente durante la contrucción de mensaje de log. Ha sido explotada "in the wild" en Julio de 2013. This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of an rdata section with a length that is less than four. • http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://linux.oracle.com/errata/ELSA-2014-1244 http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html http://rhn. •
CVSS: 7.5EPSS: 2%CPEs: 23EXPL: 0CVE-2013-4115 – squid: buffer overflow when processing overly long DNS names (SQUID-2013:2)
https://notcve.org/view.php?id=CVE-2013-4115
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request. Desbordamiento de búfer en la función idnsALookup en dns_internal.cc en Squid v3.2 hasta v3.2.11 y v3.3 hasta v3.3.6, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria o finalización de servicio) a través de un nombre largo en una petición “DNS lookup”. A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html http://secunia.com/advi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.0EPSS: 0%CPEs: 16EXPL: 0CVE-2013-3809
https://notcve.org/view.php?id=CVE-2013-3809
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log. Vulnerabilidad sin especificar en el componente MySQL Server en Oracle MySQL 5.5.31 y anteriores y 5.6.11 y anteriores, permite a usuarios autenticados remotamente comprometer la integridad a través de vectores relacionados con Audit Log. • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html http://osvdb.org/95322 http://secunia.com/advisories/54300 http://www.debian.org/security/2013/dsa-2818 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwor •