CVSS: 4.3EPSS: 1%CPEs: 32EXPL: 1CVE-2014-2497 – gd: NULL pointer dereference in gdImageCreateFromXpm()
https://notcve.org/view.php?id=CVE-2014-2497
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. La función gdImageCreateFromXpm en gdxpm.c en libgd, utilizado en PHP 5.4.26 y anteriores, permite a atacantes remotos causar una denegación de servicio (referencia a puntero cero y caída de aplicación) a través de una tabla de color manipulada en un archivo XPM. A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. • http://advisories.mageia.org/MGASA-2014-0288.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2014-1326.html http://rhn.redhat.com/errata/RHSA-2014-1327.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://se • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 0%CPEs: 193EXPL: 0CVE-2013-4590 – tomcat: information disclosure via XXE when running untrusted web applications
https://notcve.org/view.php?id=CVE-2013-4590
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Apache Tomcat anterior a 6.0.39, 7.x anterior a 7.0.50 y 8.x anterior a 8.0.0-RC10 permite a atacantes obtener información "Tomcat internals" mediante el aprovechamiento de la presencia de una aplicación web no confiable con un documento context.xml, web.xml, *.jspx, *.tagx, o *.tld XML que contiene una declaración de entidad externa en conjunto con una referencia de entidad, relacionada con un problema XML External Entity (XXE). It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. • http://advisories.mageia.org/MGASA-2014-0148.html http://marc.info/?l=bugtraq&m=144498216801440&w=2 http://secunia.com/advisories/59036 http://secunia.com/advisories/59722 http://secunia.com/advisories/59724 http://secunia.com/advisories/59873 http://svn.apache.org/viewvc?view=revision&revision=1549528 http://svn.apache.org/viewvc?view=revision&revision=1549529 http://svn.apache.org/viewvc?view=revision&revision=1558828 http://tomcat.apache.org/security-6.html http://tomcat.a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.8EPSS: 0%CPEs: 16EXPL: 0CVE-2011-4093
https://notcve.org/view.php?id=CVE-2011-4093
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided. Desbordamiento de enteros en inc/server.hpp en libnet6 (también conocido como net6) anterior a 1.3.14 podría permitir a atacantes remotos secuestrar conexiones y ganar privilegios como otros usuarios mediante la realización de un gran número de conexiones hasta que el desbordamiento ocurre y la identidad de otro usuario es proporcionado. • http://git.0x539.de/?p=net6.git%3Ba=commitdiff%3Bh=ac61d7fb42a1f977fb527e024bede319c4a9e169%3Bhp=08c8e2261604c6fcbbaf62f9ae9d13f7015fcb9a http://lists.opensuse.org/opensuse-updates/2012-01/msg00044.html http://lists.opensuse.org/opensuse-updates/2012-01/msg00054.html http://www.openwall.com/lists/oss-security/2011/10/31/1 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://bugzilla.novell.com/show_bug.cgi?id=727710 https://bugzilla.redhat.com/show_bug.cgi?id=750631 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0CVE-2011-4091
https://notcve.org/view.php?id=CVE-2011-4091
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences. El servidor de libobby en inc/server.hpp en libnet6 (también conocido como net6) anterior a 1.3.14 no realiza autenticación antes de comprobar el nombre de usuario, lo que permite a atacantes remotos obtener información sensible tal como patrones de uso del servidor de un usuario especifico y preferencias de color. • http://git.0x539.de/?p=net6.git%3Ba=commitdiff%3Bh=84afca022f063f89bfcd4bb32b1ee911f555abf1%3Bhp=ac61d7fb42a1f977fb527e024bede319c4a9e169 http://lists.opensuse.org/opensuse-updates/2012-01/msg00044.html http://lists.opensuse.org/opensuse-updates/2012-01/msg00054.html http://www.openwall.com/lists/oss-security/2011/10/31/1 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://bugzilla.novell.com/show_bug.cgi?id=727708 https://bugzilla.redhat.com/show_bug.cgi?id=750632 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 0CVE-2011-3201 – evolution: mailto URL scheme attachment header improper input validation
https://notcve.org/view.php?id=CVE-2011-3201
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email. GNOME Evolution antes de v3.2.3 permite leer archivos de su elección a atacantes remotos con la yuda del usuario local a través del parámetro 'attachment' a una URL mailto: , que adjunta el archivo al correo electrónico. • http://rhn.redhat.com/errata/RHSA-2013-0516.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html https://bugzilla.gnome.org/show_bug.cgi?id=657374 https://bugzilla.redhat.com/show_bug.cgi?id=733504 https://exchange.xforce.ibmcloud.com/vulnerabilities/82450 https://git.gnome.org/browse/evolution/commit/?id=0a478083fa31aec0059bc6feacc054226fe55b56 https://git.gnome.org/browse/evolution/commit/?id=588c410718068388f8ce0004a71c104a4c89cce3 https://access.redhat.com/security/cve/CVE-20 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-356: Product UI does not Warn User of Unsafe Actions •