CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2013-2191
https://notcve.org/view.php?id=CVE-2013-2191
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. python-bugzilla anterior a 0.9.0 no valida los certificados X.509 , lo que permite a atacantes man-in-the-middle falsificar servidores Bugzilla a través de un certificado manipulado. • http://lists.opensuse.org/opensuse-updates/2013-07/msg00025.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00026.html http://www.openwall.com/lists/oss-security/2013/06/19/6 https://bugzilla.redhat.com/show_bug.cgi?id=951594 https://git.fedorahosted.org/cgit/python-bugzilla.git/commit/?id=a782282ee479ba4cc1b8b1d89700ac630ba83eef https://lists.fedorahosted.org/pipermail/python-bugzilla/2013-June/000104.html • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 223EXPL: 0CVE-2014-1484
https://notcve.org/view.php?id=CVE-2014-1484
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. Mozilla Firefox anterior a 27.0 en Android 4.2 y anteriores crea entradas en el registro del sistema que contienen rutas de perfil, lo que permite a atacantes remotos obtener información sensible a través de una aplicación manipulada. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://osvdb.org/102870 http://www.mozilla.org/security/announce/2014/mfsa2014-06.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/65323 http://www.securitytracker.com/id/1029719 https://bugzilla.mozilla.org/show • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 225EXPL: 0CVE-2014-1489
https://notcve.org/view.php?id=CVE-2014-1489
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. Mozilla Firefox anterior a 27.0 no restringe debidamente el acceso a botones about:home por script en otras páginas, lo que permite a atacantes remotos asistidos por usuario causar una denegación de servicio (restablecimiento de sesión) a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://osvdb.org/102874 http://secunia.com/advisories/56888 http://www.mozilla.org/security/announce/2014/mfsa2014-10.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/65329 http://www.securitytracker.com/id/1029717 http://www.ubuntu.com/usn/USN-2102-1 http://www.ubun • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 17EXPL: 0CVE-2014-0979
https://notcve.org/view.php?id=CVE-2014-0979
The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username. La función start_authentication en lightdm-gtk-greeter.c de LightDM GTK+ Greeter anterior a la versión 1.7.1 no maneja adecuadamente el valor desde la función lightdm_greeter_get_authentication_user, lo que permite a usuarios locales provocar una denegación de servicio (dereferencia a puntero nulo) a través de un nombre de usuario vacío. • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128117.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128150.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html http://secunia.com/advisories/56211 http://secunia.com/advisories/56423 http://www.openwall.com/lists/oss-security/2014/01/07/15 http://www.securityfocus.com/bid/64679 https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449 https://bugzilla.novell.com/sh •
CVSS: 5.8EPSS: 1%CPEs: 228EXPL: 0CVE-2013-5611
https://notcve.org/view.php?id=CVE-2013-5611
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. Mozilla Firefox anterior a la versión 26.0 no elimina adecuadamente el doorhanger de la aplicación de instalación, lo que hace más sencillo para atancates remotos falsificar un sitio de instalación Web App mediante el control del tiempo de navegación por páginas. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html http:&#x •