Page 25 of 125 results (0.016 seconds)

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2013-2166 – python-keystoneclient: middleware memcache encryption and signing bypass

https://notcve.org/view.php?id=CVE-2013-2166

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass python-keystoneclient versión 0.2.3 hasta la versión 0.2.5, tiene una omisión de cifrado de memcache del middleware. • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html http://rhn.redhat.com/errata/RHSA-2013-0992.html http://www.openwall.com/lists/oss-security/2013/06/19/5 http://www.securityfocus.com/bid/60684 https://access.redhat.com/security/cve/cve-2013-2166 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2166 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2166 https://security-tracker.debian.org/tracker/CVE-2013-2166 https://access.redhat& • CWE-326: Inadequate Encryption Strength CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •

CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0

CVE-2013-2064 – libxcb: Integer overflow leading to heap-based buffer overflow

https://notcve.org/view.php?id=CVE-2013-2064

Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. Desbordamiento de entero en X.org libxcb v1.9 y anteriores permite a los servidores X activar la asignación de memoria insuficiente y provocar un desbordamiento de búfer a través de vectores relacionados con la función read_packet. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html http://www.debian.org/security/2013/dsa-2686 http://www.openwall.com/lists/oss-security/2013/05/23/3 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/60148 http://www.ubuntu.com/usn/USN-1855-1 http://www.x.org/wiki/Development/Security/Advisory-2013-05-23 https://access. • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 95%CPEs: 23EXPL: 0

CVE-2002-2443 – krb5: UDP ping-pong flaw in kpasswd

https://notcve.org/view.php?id=CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. schpw.c en el servicio kpasswd en kadmind en MIT Kerberos 5 (conocido como krb5) anterior a v1.11.3 no valida correctamente los paquetes UDP antes de enviar respuestas, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU y ancho de banda) a través de un paquete "forged" que activa un circuito de comunicación, como se demostró en krb_pingpong.nasl, un fallo relacionado con CVE-1999-0103. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105879.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105978.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106698.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00007.html http://rhn.redhat.com/errata/RHSA-2013-0942.html http://www.debian.org/s • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 15%CPEs: 2EXPL: 8

CVE-2013-2028 – Nginx 1.3.9 < 1.4.0 - Denial of Service (PoC)

https://notcve.org/view.php?id=CVE-2013-2028

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. La función ngx_http_parse_chunked en http/ngx_http_parse.c en nginx v1.3.9 hasta v1.4.0 permite a atacantes remotos causar una denegación de servicio (caída) y ejecutar código arbitrario mediante una solicitud Transfer-Encoding (chunked) con un tamaño de chunk de gran longitud, lo que genera un error de "integer signedness" y un desbordamiento de búfer. Nginx versions 1.3.9 through 1.4.0 suffer from a denial of service vulnerability. • https://www.exploit-db.com/exploits/25499 https://www.exploit-db.com/exploits/25775 https://www.exploit-db.com/exploits/26737 https://www.exploit-db.com/exploits/32277 https://github.com/m4drat/CVE-2013-2028-Exploit https://github.com/Sunqiz/CVE-2013-2028-reproduction https://github.com/tachibana51/CVE-2013-2028-x64-bypass-ssp-and-pie-PoC http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html http://mailman.nginx.org/pipermail/nginx-announce/2013/000112 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2013-1915

https://notcve.org/view.php?id=CVE-2013-1915

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. ModSecurity antes de v2.7.3 permite a atacantes remotos leer archivos arbitrarios, enviar peticiones HTTP a los servidores de la intranet, o causar una denegación de servicio (consumo de CPU y memoria) a través de una declaración de entidad externa XML junto con una referencia de entidad, también conocido como una Entidad Externa XML (XXE) vulnerabilidad. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101898.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101911.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102616.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html http://secunia.com/advisories/52847 http://secunia.com/advisories/529 • CWE-611: Improper Restriction of XML External Entity Reference •