CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-0877
https://notcve.org/view.php?id=CVE-2012-0877
22 Nov 2019 — PyXML: Hash table collisions CPU usage Denial of Service PyXML: la CPU de colisiones de tablas hash usa una Denegación de Servicio • http://seclists.org/oss-sec/2014/q3/96 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3585
https://notcve.org/view.php?id=CVE-2014-3585
22 Nov 2019 — redhat-upgrade-tool: Does not check GPG signatures when upgrading versions redhat-upgrade-tool: no comprueba las firmas GPG al actualizar versiones. • https://access.redhat.com/security/cve/cve-2014-3585 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 1CVE-2015-7810
https://notcve.org/view.php?id=CVE-2015-7810
22 Nov 2019 — libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files La clase libbluray MountManager presenta una carrera de tiempo de comprobación y tiempo de uso (TOCTOU) cuando se expanden archivos JAR. • http://www.openwall.com/lists/oss-security/2015/10/12/7 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2015-5694
https://notcve.org/view.php?id=CVE-2015-5694
22 Nov 2019 — Designate does not enforce the DNS protocol limit concerning record set sizes Designate no aplica el límite del protocolo DNS con respecto a los tamaños del conjunto de registros. • http://www.openwall.com/lists/oss-security/2015/07/28/11 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 4%CPEs: 7EXPL: 0CVE-2019-13723 – chromium-browser: use-after-free in bluetooth
https://notcve.org/view.php?id=CVE-2019-13723
21 Nov 2019 — Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en WebBluetooth en Google Chrome versiones anteriores a 78.0.3904.108, permitió a un atacante remoto, que había comprometido el proceso del renderizador, explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. An update that fixes two ... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2012-6136
https://notcve.org/view.php?id=CVE-2012-6136
20 Nov 2019 — tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. tuned versión 2.10.0 crea su archivo PID con permisos no seguros lo que permite a usuarios locales eliminar procesos arbitrarios. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136 • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 1CVE-2019-14864 – Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
https://notcve.org/view.php?id=CVE-2019-14864
20 Nov 2019 — Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. Ansible, versiones 2.9.x anteriores a la versión 2.9.1, versiones 2.8.x anteriores a la versión 2.8.7 y Ansible versiones 2.7.x anteriores a la versión 2.7.15, no respeta el flag no_log, configurado en True cuando los... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2011-4967
https://notcve.org/view.php?id=CVE-2011-4967
19 Nov 2019 — tog-Pegasus has a package hash collision DoS vulnerability tog-Pegasus presenta una vulnerabilidad de DoS de colisión de paquete hash. • http://bugzilla.openpegasus.org/show_bug.cgi?id=9182 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-5118
https://notcve.org/view.php?id=CVE-2014-5118
18 Nov 2019 — Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability Trusted Boot (tboot) anterior a la versión 1.8.2 tiene una vulnerabilidad de omisión de seguridad en "loader.c" • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136768.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10172 – jackson-mapper-asl: XML external entity similar to CVE-2016-3720
https://notcve.org/view.php?id=CVE-2019-10172
18 Nov 2019 — A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. Se detectó un fallo en las bibliotecas org.codehaus.jackson:jackson-mapper-asl:1.9.x. Las vulnerabilidades de tipo XML external entity similares a CVE-2016-3720, también afectan a las bibliotecas codehaus jackson-mapper-asl pero en diferentes clases. A flaw was found in org.codehaus.jackson:jackson-... • https://github.com/rusakovichma/CVE-2019-10172 • CWE-611: Improper Restriction of XML External Entity Reference •