CVSS: 5.9EPSS: 1%CPEs: 13EXPL: 0CVE-2016-1231
https://notcve.org/view.php?id=CVE-2016-1231
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path. Vulnerabilidad de salto de directorio en el módulo HTTP file-serving (mod_http_files) en Prosody 0.9.x en versiones anteriores a 0.9.9 permite a atacantes remotos leer archivos arbitrarios a través de un .. (punto punto) en una ruta no especificada. • http://blog.prosody.im/prosody-0-9-9-security-release http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175829.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175868.html http://www.debian.org/security/2016/dsa-3439 http://www.openwall.com/lists/oss-security/2016/01/08/5 https://prosody.im/issues/issue/520 https://prosody.im/security/advisory_20160108-1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 1.9EPSS: 0%CPEs: 96EXPL: 0CVE-2013-4242 – GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
https://notcve.org/view.php?id=CVE-2013-4242
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. GnuPG anterior a 1.4.14, y Libgcrypt anterior a 1.5.3 usado en GnuPG 2.0.x y posiblemente otros productos, permite a usuarios locales obtener las claves RSA privadas a través de un ataque "side-channel" que involucra la caché L3. Aka Flush+Reload. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 http://eprint.iacr.org/2013/448 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-1457.html http://secunia.com/advisories/54318 http://secunia.com/advisories/54321 http://secunia.com/advisories/54332 http://secunia.com/advisories/54375 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 75EXPL: 0CVE-2012-2351
https://notcve.org/view.php?id=CVE-2012-2351
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. La configuración por defecto del plugin auth/SAML en Mahara antes de v1.4.2 establece el atributo "Match Username to Remote Username" a falso, lo que permite falsificar usuarios de otros servidores a los servidores remotos SAML IdP utilizando el mismo nombre de usuario interno. • http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea http://www.debian.org/security/2012/dsa-2467 http://www.openwall.com/lists/oss-security/2012/05/11/9 http://www.openwall.com/lists/oss-security/2012/05/12/4 https://bugs.launchpad.net/mahara/+bug/932909 • CWE-16: Configuration CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 2%CPEs: 61EXPL: 0CVE-2004-1142
https://notcve.org/view.php?id=CVE-2004-1142
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 http://secunia.com/advisories/13468 http://www.ciac.org/ciac/bulletins/p-061.shtml http://www.debian.org/security/2004/dsa-613 http://www.ethereal.com/appnotes/enpa-sa-00016.html http://www.gentoo.org/security/en/glsa/glsa-200412-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:152 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html http://www.redhat.com/su •
CVSS: 5.0EPSS: 0%CPEs: 61EXPL: 0CVE-2004-1139
https://notcve.org/view.php?id=CVE-2004-1139
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash). • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 http://secunia.com/advisories/13468 http://www.ciac.org/ciac/bulletins/p-061.shtml http://www.ethereal.com/appnotes/enpa-sa-00016.html http://www.gentoo.org/security/en/glsa/glsa-200412-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:152 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html http://www.redhat.com/support/errata/RHSA-2005-037.html http://www.se •