CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2013-4508
https://notcve.org/view.php?id=CVE-2013-4508
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. lighttpd anteriores a 1.4.34, cuando SNI esta habilitado, configura cifrados SSL débiles, lo que hace más fácil para un atacante remoto secuestrar sesiones insertando paquetes en el flujo de datos cliente-servidor u obtener información sensible capturando la red. • http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt http://jvn.jp/en/jp/JVN37417423/index.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00049.html http://marc.info/?l=bugtraq&m=141576815022399&w=2 http://openwall.com/lists/oss-security/2013/11/04/19 http://redmine.lighttpd.net/issues/2525 http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2913/diff https://www.debian.org/security/2013/dsa-2795 • CWE-326: Inadequate Encryption Strength •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 1CVE-2013-2190
https://notcve.org/view.php?id=CVE-2013-2190
The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors. La función translate_hierarchy_event de x11/clutter-device-manager-xi2.c en nClutter, al reanudar el sistema, no maneja adecuadamente los errores XIQueryDevice cuando un dispositivo ha "desaparecido," lo que provoca el cuelgue de gnome-shell y permite físicamente a atacantes próximos el acceso a anteriores sesiones de gnome-shell a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-updates/2013-10/msg00014.html http://www.openwall.com/lists/oss-security/2013/06/19/1 https://bugzilla.gnome.org/show_bug.cgi?id=701974 https://bugzilla.redhat.com/show_bug.cgi?id=980111 https://git.gnome.org/browse/clutter/commit/?h=clutter-1.14&id=e310c68d7b38d521e341f4e8a36f54303079d74e https://git.gnome.org/browse/clutter/commit/?h=clutter-1.16&id=d343cc6289583a7b0d929b82b740499ed588b1ab • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 1%CPEs: 5EXPL: 1CVE-2013-4389
https://notcve.org/view.php?id=CVE-2013-4389
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message. Múltiples vulnerabilidadews de format string en archivos log_subscriber.rb en el componente de suscripción de log de Action Mailer en Ruby on Rails 3.x anterior a 3.2.15 permite a atacantes remotos causar una denegación de servicio a través de una dirección de email manipulada que es manejada de manera inapropiada durante la construcción de un mensaje de log. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html http://www.debian.org/security/2014/dsa-2887 http://www.debian.org/security/2014/dsa-2888 https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.8EPSS: 2%CPEs: 79EXPL: 0CVE-2013-2927
https://notcve.org/view.php?id=CVE-2013-2927
Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements. Vulnerabilidad de uso después de liberación en la función HTMLFormElement::prepareForSubmission en core/html/HTMLFormElement.cpp de Blink, tal como se usa en Google Chrome anterior a la versión 30.0.1599.101, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto sin especificar a través de vectores relacionados con el envío de elementos FORM. • http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html http://googlechromereleases.blogspot.com/2013/10/stable-channel-update_15.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00077.html http://list • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2013-4365
https://notcve.org/view.php?id=CVE-2013-4365
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. Vulnerabilidad de desbordamiento de buffer (heap) en la función fcgid_header_bucket_read de fcgd_bucket.c en el modulo mod_fcgid anterior a 2.3.9 para Apache HTTP Server permite a atacantes remotos tener unimpacto no especificado a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00024.html http://secunia.com/advisories/55197 http://svn.apache.org/viewvc?view=revision&revision=1527362 http://www.debian.org/security/2013/dsa-2778 http://www.mail-archive.com/dev%40httpd.apache.org/msg58077.html http://www. • CWE-787: Out-of-bounds Write •