CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4180 – Foreman: hosts_controller.rb power/ipmi_boot Symbol creation DoS
https://notcve.org/view.php?id=CVE-2013-4180
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. Las acciones (1) power y (2) ipmi_boot en el HostController de Foreman anterior 1.2.2 permite a atacante remoto causar denegacion de servicio (consumo de memoria) a través de una entrda sin especificar que es convertida a un simbolo • http://projects.theforeman.org/issues/2860 http://rhn.redhat.com/errata/RHSA-2013-1196.html http://theforeman.org/manuals/1.2/index.html#Releasenotesfor1.2.2 https://access.redhat.com/security/cve/CVE-2013-4180 https://bugzilla.redhat.com/show_bug.cgi?id=989755 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4182 – foreman: app/controllers/api/v1/hosts_controller.rb API privilege escalation
https://notcve.org/view.php?id=CVE-2013-4182
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. app/controllers/api/v1/hosts_controller.rb en Foreman anteriores a v1.2.2 no restringe correctamente el acceso a hosts arbitrarios a través de una petición API. • http://projects.theforeman.org/issues/2863 http://rhn.redhat.com/errata/RHSA-2013-1196.html http://theforeman.org/manuals/1.2/index.html#Releasenotesfor1.2.2 https://bugzilla.redhat.com/show_bug.cgi?id=990374 https://access.redhat.com/security/cve/CVE-2013-4182 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 1%CPEs: 72EXPL: 0CVE-2013-2882 – v8: remote DoS or unspecified other impact via type confusion
https://notcve.org/view.php?id=CVE-2013-2882
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." Google V8, usado en Google Chrome anterior a 28.0.1500.95, permite a atacantes remotos provocar una denegación de servicio y causar otro tipo de impacto a través de vectores que aprovechan "la confusión de tipos". • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html http://rhn.redhat.com/errata/RHSA-2013-1201.html http://www.debian.org/security/2013/dsa-2732 https://code.google.com/p/chromium/issues/detail?id=260106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17329 https://access.redhat.com/security/cve/CVE-2013-2882 https://bugzilla.redhat.com/show_bug.cgi?id=991116 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2013-2167 – python-keystoneclient: middleware memcache encryption and signing bypass
https://notcve.org/view.php?id=CVE-2013-2167
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass python-keystoneclient versiones 0.2.3 hasta la versión 0.2.5, tiene una omisión de firma de memcache de middleware. • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html http://rhn.redhat.com/errata/RHSA-2013-0992.html http://www.openwall.com/lists/oss-security/2013/06/19/5 http://www.securityfocus.com/bid/60680 https://access.redhat.com/security/cve/cve-2013-2167 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167 https://exchange.xforce.ibmcloud.com/vulnerabilities/85492 https://security-tracker.de • CWE-345: Insufficient Verification of Data Authenticity CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2013-2166 – python-keystoneclient: middleware memcache encryption and signing bypass
https://notcve.org/view.php?id=CVE-2013-2166
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass python-keystoneclient versión 0.2.3 hasta la versión 0.2.5, tiene una omisión de cifrado de memcache del middleware. • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html http://rhn.redhat.com/errata/RHSA-2013-0992.html http://www.openwall.com/lists/oss-security/2013/06/19/5 http://www.securityfocus.com/bid/60684 https://access.redhat.com/security/cve/cve-2013-2166 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2166 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2166 https://security-tracker.debian.org/tracker/CVE-2013-2166 https://access.redhat& • CWE-326: Inadequate Encryption Strength CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •