CVSS: 7.1EPSS: 1%CPEs: 101EXPL: 1CVE-2013-4002 – OpenJDK: XML parsing Denial of Service (JAXP, 8017298)
https://notcve.org/view.php?id=CVE-2013-4002
23 Jul 2013 — XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute... • https://github.com/tafamace/CVE-2013-4002 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2013-3812 – Ubuntu Security Notice USN-1909-1
https://notcve.org/view.php?id=CVE-2013-3812
17 Jul 2013 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. Vulnerabilidad sin especificar en el componente MySQL Server en Oracle MySQL 5.5.31 y anteriores y 5.6.11 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores relacionados con Server Replication. Multiple security issues were discover... • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2013-3804 – Ubuntu Security Notice USN-1909-1
https://notcve.org/view.php?id=CVE-2013-3804
17 Jul 2013 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Vulnerabilidad sin especificar en el componente MySQL Server en Oracle MySQL 5.5.31 y anteriores, 5.1.69 y anteriores y 5.6.11 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores relacionados con Server Optimizer. ... • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html •
CVSS: 8.1EPSS: 0%CPEs: 17EXPL: 0CVE-2013-3793 – Ubuntu Security Notice USN-1909-1
https://notcve.org/view.php?id=CVE-2013-3793
17 Jul 2013 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. Vulnerabilidad sin especificar en el componente MySQL Server en Oracle MySQL 5.6.11 y anteriores y 5.5.31 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores relacionados con Data Manipulation Language. Multiple security issu... • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html •
CVSS: 8.1EPSS: 0%CPEs: 17EXPL: 0CVE-2013-3802 – Ubuntu Security Notice USN-1909-1
https://notcve.org/view.php?id=CVE-2013-3802
17 Jul 2013 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Vulnerabilidad sin especificar en el componente MySQL Server en Oracle MySQL 5.5.31 y anteriores, 5.1.69 y anteriores y 5.6.11 y anteriores, permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores relacionados con Server Full Text S... • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html •
CVSS: 7.4EPSS: 0%CPEs: 16EXPL: 0CVE-2013-3809 – Ubuntu Security Notice USN-1909-1
https://notcve.org/view.php?id=CVE-2013-3809
17 Jul 2013 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log. Vulnerabilidad sin especificar en el componente MySQL Server en Oracle MySQL 5.5.31 y anteriores y 5.6.11 y anteriores, permite a usuarios autenticados remotamente comprometer la integridad a través de vectores relacionados con Audit Log. Multiple security issues were discovered in MySQL and this upda... • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2013-3783 – Ubuntu Security Notice USN-1909-1
https://notcve.org/view.php?id=CVE-2013-3783
17 Jul 2013 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. Vulnerabilidad sin especificar en el componente MySQL Server en Oracle MySQL 5.3.31 y anteriores permite a usuarios autenticados remotamente comprometer la disponibilidad a través de vectores desconocidos relacionados con el Server Parser. Multiple security issues were discovered in MySQL and this update includes new... • http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html •
CVSS: 9.8EPSS: 1%CPEs: 135EXPL: 1CVE-2013-0339 – Mandriva Linux Security Advisory 2013-198
https://notcve.org/view.php?id=CVE-2013-0339
16 Jul 2013 — libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the res... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 33%CPEs: 23EXPL: 1CVE-2013-1896 – httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav
https://notcve.org/view.php?id=CVE-2013-1896
10 Jul 2013 — mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. mod_dav.c en el Apache HTTP Server anterior a 2.2.25 no determina adecuadamente si DAV está activado para URI, lo que permite a atacantes remotos provocar una dene... • http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html •
CVSS: 9.8EPSS: 9%CPEs: 169EXPL: 1CVE-2013-2174 – curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs
https://notcve.org/view.php?id=CVE-2013-2174
24 Jun 2013 — Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. Desbordamiento de búfer basado en memoria dinámica en la función curl_easy_unescape en lib/escape.c en cURL y libcurl 7.7 a la 7.30.0, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posibl... • http://curl.haxx.se/docs/adv_20130622.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •