CVSS: 5.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35586 – OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735)
https://notcve.org/view.php?id=CVE-2021-35586
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial o... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35603 – OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)
https://notcve.org/view.php?id=CVE-2021-35603
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM ... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-203: Observable Discrepancy •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14312
https://notcve.org/view.php?id=CVE-2020-14312
05 Feb 2021 — A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against ot... • https://bugzilla.redhat.com/show_bug.cgi?id=1851342 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1895
https://notcve.org/view.php?id=CVE-2013-1895
28 Jan 2020 — The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. El módulo py-bcrypt versiones anteriores a 0.3 para Python, no maneja apropiadamente el acceso concurrente a la memoria, que permite a atacantes omitir la autenticación por medio de múltiples peticiones de autenticación, lo que desencadena que el hash de contraseña se sobrescriba. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2012-4451
https://notcve.org/view.php?id=CVE-2012-4451
03 Jan 2020 — Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en Zend Framework versiones 2.0.x anter... • http://framework.zend.com/security/advisory/ZF2012-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 11%CPEs: 4EXPL: 0CVE-2012-5645
https://notcve.org/view.php?id=CVE-2012-5645
30 Dec 2019 — A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption. Se encontró un fallo de denegación de servicio en la manera en que el componente Freeciv del servidor versiones anteriores a la versión 2.3.4 procesaba ciertos paquetes. Un atacante remoto podría enviar un paquete especialmente diseñado que, cuando se pro... • http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095378.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-1615
https://notcve.org/view.php?id=CVE-2012-1615
06 Dec 2019 — A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file. Se presenta una vulnerabilidad de Escalada de Privilegios en Fedoraproject Sectool debido a un archivo DBus incorrecto. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076873.html • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1115
https://notcve.org/view.php?id=CVE-2012-1115
05 Dec 2019 — A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en LDAP Account Manager (LAM) Pro versión 3.6, en los parámetros export, add_value_form y dn en el archivo cmd.php. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1114
https://notcve.org/view.php?id=CVE-2012-1114
05 Dec 2019 — A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en LDAP Account Manager (LAM) Pro versión 3.6, en el parámetro filter en el archivo cmd.php en una acción export y exporter_id y el parámetro filteruid en el archivo list.php. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4235 – Ubuntu Security Notice USN-5745-1
https://notcve.org/view.php?id=CVE-2013-4235
03 Dec 2019 — shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees shadow: condición de carrera TOCTOU (de tiempo de comprobación y tiempo de uso) cuando se copia y elimina árboles de directorio. Florian Weimer discovered that shadow was not properly copying and removing user directory trees, which could lead to a race condition. A local attacker could possibly use this issue to setup a symlink attack and alter or remove directories without authorization. • https://access.redhat.com/security/cve/cve-2013-4235 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •