CVE-2013-2145
https://notcve.org/view.php?id=CVE-2013-2145
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/. La funcionalidad de verificación cpansign en el módulo Module::Signature anterior a 0.72 para Perl, permite a atacantes evitar la comprobación de firma y ejecutar código arbitrarioa través de un archivo SIGNATURE con "un cifrado desconocido especial" que referencia a un módulo no confiable en Digest/. • http://lists.opensuse.org/opensuse-updates/2013-07/msg00039.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00043.html http://www.openwall.com/lists/oss-security/2013/06/05/16 http://www.securityfocus.com/bid/60352 http://www.ubuntu.com/usn/USN-1896-1 https://bugzilla.redhat.com/show_bug.cgi?id=971096 https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2 https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896 • CWE-20: Improper Input Validation •
CVE-2013-1690 – Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2013-1690
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. Mozilla Firefox anterior a 22.0, Firefox ESR 17.x anterior a 17.0.7, Thunderbird anterior a 17.0.7, y Thunderbird ESR 17.x anterior a 17.0.7 no manejan adecuadamente los eventos "onreadystatechange" en conjunción con las recargas de página, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución arbitraria de código a través de un sitio web manipulado que provoca un intento de ejecución de datos y una asignación de memoria sin mapear. Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site. • https://www.exploit-db.com/exploits/27429 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html http://rhn • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-4082
https://notcve.org/view.php?id=CVE-2013-4082
The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. La función vwr_read en wiretap/vwr.c en el analizador Ixia IxVeriWave en Wireshark 1.8.x anterior a 1.8.8, no valida la relación entre el tamaño de registro el tamaño del "trailer", lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de aplicación) a través de un paquete manipulado. • http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=49739&r2=49738&pathrev=49739 http://anonsvn.wireshark.org/viewvc?view=revision&revision=49739 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.debian.org/security/2013/dsa-2709 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www.wireshark.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-4074 – Wireshark CAPWAP Dissector - Denial of Service
https://notcve.org/view.php?id=CVE-2013-4074
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. La función dissect_capwap_data en epan/dissectors/packet-capwap.c en el dissector CAPWAP en Wireshark v1.6.x anterior a v1.6.16 y v1.8.x anterior a v1.8.8 usa incorrectamente un valor de -1 para representar un error de condición, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un paquete especialmente diseñado. • https://www.exploit-db.com/exploits/33556 http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-capwap.c?r1=43716&r2=43715&pathrev=43716 http://anonsvn.wireshark.org/viewvc?view=revision&revision=43716 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://osvdb.org/show/osvdb/94091 http://packetstormsecurity.com/files/126848/Wireshark-CAPWAP-Dissector-Denial-Of-Service.html http://secunia.com/advisories • CWE-189: Numeric Errors •
CVE-2013-4076
https://notcve.org/view.php?id=CVE-2013-4076
Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. Desbordamiento de búfer en la función dissect_iphc_crtp_fh en epan/dissectors/packet-ppp.c en el dissector PPP en Wireshark v1.8.x anterior a v1.8.8 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un paquete especialmente diseñado. • http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=46128&r2=46127&pathrev=46128 http://anonsvn.wireshark.org/viewvc?view=revision&revision=46128 http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html http://secunia.com/advisories/53762 http://secunia.com/advisories/54425 http://www.debian.org/security/2013/dsa-2709 http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •