CVSS: 10.0EPSS: 6%CPEs: 110EXPL: 0CVE-2013-6435 – rpm: race condition during the installation process
https://notcve.org/view.php?id=CVE-2013-6435
09 Dec 2014 — Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. Condición de carrera en RPM 4.11.1 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de un fichero RPM manipulado cuyo instalación extrae los contenidos de ficheros temporales antes de validar la firma, tal y co... • http://advisories.mageia.org/MGASA-2014-0529.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2014-4911 – Debian Security Advisory 2981-1
https://notcve.org/view.php?id=CVE-2014-4911
20 Jul 2014 — The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit. La función ssl_decrypt_buf en library/ssl_tls.c en PolarSSL anterior a 1.2.11 y 1.3.x anterior a 1.3.8 permite a atacantes remotos causar una denegación de servicio (caída) a través de vectores relacionados con los suites de cifrado GCM, tal y como f... • http://secunia.com/advisories/60215 • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2014-3533 – Mandriva Linux Security Advisory 2014-148
https://notcve.org/view.php?id=CVE-2014-3533
03 Jul 2014 — dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. dbus 1.3.0 anterior a 1.6.22 y 1.8.x anterior a 1.8.6 permite a usuarios locales causar una denegación de servicio (desconexión) a través de cierta secuencias de mensajes manipulados que causan que el demonio de dbus reenvíe un mensaje que contiene un descriptor de fichero... • http://advisories.mageia.org/MGASA-2014-0294.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 7%CPEs: 64EXPL: 0CVE-2014-4617 – Ubuntu Security Notice USN-2258-1
https://notcve.org/view.php?id=CVE-2014-4617
25 Jun 2014 — The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. La función do_uncompress en g10/compress.c en GnuPG 1.x anterior a 1.4.17 y 2.x anterior a 2.0.24 permite a atacantes dependientes de contexto causar una denegación de servicio (bucle infinito) a través de paquetes comprimidos malformados, tal y como fue ... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 81EXPL: 0CVE-2013-4134 – Mandriva Linux Security Advisory 2014-244
https://notcve.org/view.php?id=CVE-2013-4134
29 Jul 2013 — OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. OpenAFS anterior a 1.4.15, 1.6.x anterior a 1.6.5 y 1.7.x anterior a 1.7.26 utiliza cifrado débil (DES) para las claves de Kerberos, lo que hace que sea más fácil para los atacantes remotos para obtener la clave de servicio. Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to... • http://www.debian.org/security/2013/dsa-2729 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 0%CPEs: 96EXPL: 0CVE-2013-4242 – GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
https://notcve.org/view.php?id=CVE-2013-4242
29 Jul 2013 — GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. GnuPG anterior a 1.4.14, y Libgcrypt anterior a 1.5.3 usado en GnuPG 2.0.x y posiblemente otros productos, permite a usuarios locales obtener las claves RSA privadas a través de un ataque "side-channel" que involucra la caché L3. Aka Flush+Reload. The GNU Privacy Guard is a tool for encrypti... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 75EXPL: 0CVE-2012-2351
https://notcve.org/view.php?id=CVE-2012-2351
12 Jul 2012 — The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. La configuración por defecto del plugin auth/SAML en Mahara antes de v1.4.2 establece el atributo "Match Username to Remote Username" a falso, lo que permite falsificar usuarios de otros servidores a los servidores remotos SAML IdP utilizando el mismo ... • http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea • CWE-16: Configuration CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 6%CPEs: 146EXPL: 0CVE-2005-0206
https://notcve.org/view.php?id=CVE-2005-0206
15 Feb 2005 — The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. El parche para corregir las vulnerabilidades de desbordamiento de entero en Xpdf 2.0 y 3.0 (CAN-2004-0888) es incompleto para arquitecturas de 64 bits en ciertas distribuciones de Linux como Red Hat, lo que podría dejar a los usuarios de Xpdf expuestos a las vulnerabilida... • http://www.mandriva.com/security/advisories?name=MDKSA-2005:041 •
CVSS: 10.0EPSS: 4%CPEs: 93EXPL: 0CVE-2004-0888
https://notcve.org/view.php?id=CVE-2004-0888
26 Oct 2004 — Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886 •
CVSS: 10.0EPSS: 3%CPEs: 93EXPL: 0CVE-2004-0889
https://notcve.org/view.php?id=CVE-2004-0889
26 Oct 2004 — Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. • http://marc.info/?l=bugtraq&m=109880927526773&w=2 •