Page 24 of 345 results (0.017 seconds)

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2013-1915

https://notcve.org/view.php?id=CVE-2013-1915

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. ModSecurity antes de v2.7.3 permite a atacantes remotos leer archivos arbitrarios, enviar peticiones HTTP a los servidores de la intranet, o causar una denegación de servicio (consumo de CPU y memoria) a través de una declaración de entidad externa XML junto con una referencia de entidad, también conocido como una Entidad Externa XML (XXE) vulnerabilidad. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101898.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101911.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102616.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html http://secunia.com/advisories/52847 http://secunia.com/advisories/529 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 10.0EPSS: 3%CPEs: 355EXPL: 0

CVE-2013-1379 – flash-plugin: multiple code execution flaws (APSB13-11)

https://notcve.org/view.php?id=CVE-2013-1379

Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 do not properly initialize pointer arrays, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player anterior a v10.3.183.75 y v11.x anterior a v11.7.700.169 en Windows y Mac OS X, anterior a v10.3.183.75 y v11.x anterior a v11.2.202.280 en Linux, anterior a v11.1.111.50 en Android v2.x y v3.x, y anterior a v11.1.115.54 en Android v4.x; Adobe AIR anterior a v3.7.0.1530; y Adobe AIR SDK & Compiler anterior a v3.7.0.1530 no inicializa correctamente las matrices de punteros, lo que permite a los atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00019.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00081.html http://marc.info/?l=bugtraq&m=139455789818399&w=2 http://rhn.redhat.com/errata/RHSA-2013-0730.html http://www.adobe.com/support/security/bulletins/apsb13-11.html https://access.redhat.com/security/cve/CVE-2013-1379 https://bugzilla.redhat.com/show_bug.cgi?id=950180 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.0EPSS: 0%CPEs: 32EXPL: 0

CVE-2013-1846 – (mod_dav_svn): DoS (crash) via LOCK requests against an activity URL

https://notcve.org/view.php?id=CVE-2013-1846

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. El modulo mod_dav_svn Apache HTTPD server en Subversion v1.6.x hasta v1.6.21 y v1.7.0 hasta v1.7.8 permite a usuarios remotos autenticados causar una denegación de servicio (referencia NULL y caída de la aplicación) a través de un bloqueo en una URL vigente. • http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2013-0737.html http://subversion.apache.org/security/CVE-201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 3.5EPSS: 0%CPEs: 33EXPL: 0

CVE-2013-1845 – (mod_dav_svn): DoS (excessive memory use) when large number of properties are set or deleted

https://notcve.org/view.php?id=CVE-2013-1845

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. El modulo mod_dav_svn Apache HTTPD server en Subversion v1.6.x hasta v1.6.21 y v1.7.0 hasta v1.7.8 permite a usuarios remotos autenticados causar una denegación de servicio ((consumo de memoria) mediante un (1) "setting" o (2) "deleting" en un numero largo de propiedades de un archivo o directorio. • http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2013-0737.html http://subversion.apache.org/security/CVE-201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 13%CPEs: 81EXPL: 2

CVE-2012-6139

https://notcve.org/view.php?id=CVE-2012-6139

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. libxslt antes de v1.1.28 permite a atacantes remotos provocar una denegación de servicio (desreferencia a puntero NULL y caída del sistema) mediante un atributo (1) match vacío en una clave XSL a la función xsltAddKey en keys.c o (2) una variable no inicializada en la función xsltDocumentFunction en functions.c. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102065.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00020.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00028.html http://secunia.com/advisories/52745 http://secunia.com/advisories/52805 http://secunia.com/advisories/52813 http://secunia.com/advisories/52884 http://www.debian.org/security/2013/dsa-2654 http://www.mandriva.com/security/advisories?name=MDVSA-2013:141 http://www.securitytracker •