CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2013-1620 – nss: TLS CBC padding timing attack
https://notcve.org/view.php?id=CVE-2013-1620
08 Feb 2013 — The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación en Mozilla Network Security Services (NSS) de TLS no tiene debidamente en cuenta tiempos de canal... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2012-2137 – kernel: kvm: buffer overflow in kvm_set_irq()
https://notcve.org/view.php?id=CVE-2012-2137
22 Jan 2013 — Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. Desbordamiento de búfer en virt/KVM/irq_comm.c en el subsistema de KVM en el kernel de Linux antes de v3.2.24 que permite a usuarios locales provo... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=f2ebd422f71cda9c791f76f85d2ca102ae34a1ed • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 2CVE-2012-5656
https://notcve.org/view.php?id=CVE-2012-5656
18 Jan 2013 — The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. El proceso de rasterización en Inkscape antes de v0.48.4 permite a los usuarios locales leer archivos de su elección a través de entidades externas en un archivo SVG. Se trata de un ataque también conocido como ataque de inyección XML a una entidad externa (XXE). • http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2012-0578 – Gentoo Linux Security Advisory 201308-06
https://notcve.org/view.php?id=CVE-2012-0578
17 Jan 2013 — Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Vulnerabilidad no especificada en el componente Server en Oracle MySQL v5.5.28 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con "Server Optimizer". Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary... • http://secunia.com/advisories/53372 •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2012-1705 – mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013)
https://notcve.org/view.php?id=CVE-2012-1705
17 Jan 2013 — Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Vulnerabilidad no especificada en el componente Server en Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con el Server Optimizer. Multiple vulnerabilities have been found i... • http://rhn.redhat.com/errata/RHSA-2013-0219.html •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2012-5060 – Gentoo Linux Security Advisory 201308-06
https://notcve.org/view.php?id=CVE-2012-5060
17 Jan 2013 — Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension. Vulnerabilidad sin especificar en el componente Server en Oracle MySQL v5.1.65 y anteriores y v5.5.27 y anteriores que permite a usuario autenticados de forma remota afectar a la disponibilidad en relación a la GIS Extension. Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary cod... • http://secunia.com/advisories/53372 •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2013-0386 – Gentoo Linux Security Advisory 201308-06
https://notcve.org/view.php?id=CVE-2013-0386
17 Jan 2013 — Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. Una vulnerabilidad no especificada en el componente Servidor de Oracle MySQL v5.5.28 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con los procedimientos almacenados. Multiple vulnerabilities have been found in MySQL, allowing attackers to... • http://secunia.com/advisories/53372 •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2013-0383 – mysql: unspecified unauthenticated DoS vulnerability related to Server Locking (CPU Jan 2013)
https://notcve.org/view.php?id=CVE-2013-0383
17 Jan 2013 — Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking. Una vulnerabilidad no especificada en el componente Servidor de Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores, permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos relacionados con el bloqueo del servidor. Multiple vulnerabilities have been found in MySQL, all... • http://rhn.redhat.com/errata/RHSA-2013-0219.html •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2012-0574 – mysql: unspecified DoS vulnerability related to Server (CPU Jan 2013)
https://notcve.org/view.php?id=CVE-2012-0574
17 Jan 2013 — Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente Server en Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos. Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause D... • http://marc.info/?l=bugtraq&m=135109152819176&w=2 •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2013-0389 – mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013)
https://notcve.org/view.php?id=CVE-2013-0389
17 Jan 2013 — Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Una vulnerabilidad no especificada en el componente Servidor de Oracle MySQL v5.1.66 y anteriores y v5.5.28 y anteriores, permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos relacionados con el optimizador del servidor Multiple vulnerabilities ha... • http://rhn.redhat.com/errata/RHSA-2013-0219.html •