Page 18 of 265 results (0.039 seconds)

CVSS: 4.3EPSS: 0%CPEs: 186EXPL: 0

CVE-2014-0081 – rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability

https://notcve.org/view.php?id=CVE-2014-0081

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. Múltiples vulnerabilidades de XSS en actionview/lib/action_view/helpers/number_helper.rb en Ruby on Rails anterior a 3.2.17, 4.0.x anterior a 4.0.3 y 4.1.x anterior a 4.1.0.beta2 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro (1) format, (2) negative_format, o (3) units hacia la ayuda de (a) number_to_currency, (b) number_to_percentage, o (c) number_to_human. • http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html http://openwall.com/lists/oss-security/2014/02/18/8 http://rhn.redhat.com/errata/RHSA-2014-0215.html http://rhn.redhat.com/errata/RHSA-2014-0306.html http://secunia.com/advisories/57376 http://www.securityfocus.com/bid/65647 http://www.securitytracker.com/id/1029782 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ https://access.redhat.com/security/cve/CVE-2014-0081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.2EPSS: 0%CPEs: 279EXPL: 1

CVE-2013-6368 – kvm: cross page vapic_addr access

https://notcve.org/view.php?id=CVE-2013-6368

The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. El subsistema de KVM en el kernel de Linux hasta 3.12.5 permite a usuarios locales conseguir privilegios o causar una denegación de servicio (caída del sistema) a través de una operación de sincronización VAPIC que implica una dirección de final de página • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fda4e2e85589191b123d31cdc21fd33ee70f50fd http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html http://rhn.redhat.com/errata/RHSA-2013-1801.html http://rhn.redhat.com/errata/RHSA-2014-0163.html http://rhn.redhat.com/errata/RHSA-2014-0284.html http:/ • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 8%CPEs: 4EXPL: 1

CVE-2013-4282 – spice: stack buffer overflow in reds_handle_ticket() function

https://notcve.org/view.php?id=CVE-2013-4282

Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. Desbordamiento de búfer de pila en la función reds_handle_ticket en server/reds.c en SPICE 0.12.0 que permite a atacantes remotos provocar una denegación de servicio (caída) a través de una contraseña larga en un ticket de SPICE. • http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-1460.html http://rhn.redhat.com/errata/RHSA-2013-1473.html http://rhn.redhat.com/errata/RHSA-2013-1474.html http://www.debian.org/security/2014/dsa-2839 http://www.securityfocus.com/bid/63408 http://www.ubuntu.com/usn/USN-2027-1 https://access.redhat.com/security/cve/CVE-2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 6.0EPSS: 0%CPEs: 266EXPL: 2

CVE-2013-4299 – kernel: dm: dm-snapshot data leak

https://notcve.org/view.php?id=CVE-2013-4299

Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. Conflicto de interpretación en drivers/md/dm-snap-persistent.c en el kernel de Linux hasta 3.11.6 permite a usuarios remotamente autenticados obtener información sensible o modificar datos a través de un mapeado manipulado a un dispositivo de capturas de bloque. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c6a182649f4259db704ae15a91ac820e63b0ca http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://rhn.redhat.com/errata/RHSA-2013-1436.html http://rhn.redhat.com/errata/RHSA-2013-1449.html http://rhn.redhat.com/errata/RHSA-2013-1450.html http://rhn.redhat.com/errata/RHSA-2013-1460.html http://rhn.redhat.com/errata • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 274EXPL: 0

CVE-2013-4345 – kernel: ansi_cprng: off by one error in non-block size request

https://notcve.org/view.php?id=CVE-2013-4345

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. Error de superación en la función get_prng_bytes en crypto/ansi_cprng.c en el kernel de Linux hasta la versión 3.11.4 hace que sea más fácil para atacantes dependientes del contexto anular mecanismos de protección criptográficos a través de múltiples peticiones por pequeñas cantidades de datos, que conduce a la gestión inadecuada del estado de los datos consumidos. • http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2 http://rhn.redhat.com/errata/RHSA-2013-1449.html http://rhn.redhat.com/errata/RHSA-2013-1490.html http://rhn.redhat.com/errata/RHSA-2013-1645.html http://www.securityfocus.com/bid/62740 http://www.ubuntu.com/usn/USN-2064-1 http://www.ubuntu.com/usn/USN-2065-1 http://www.ubuntu.com/usn/USN-2068-1 http://www.ubuntu.com/usn/USN-2070-1 http://www.ubuntu.com/usn/USN-2071-1 http:& • CWE-189: Numeric Errors CWE-193: Off-by-one Error •