CVSS: 1.9EPSS: 0%CPEs: 96EXPL: 0CVE-2013-4242 – GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
https://notcve.org/view.php?id=CVE-2013-4242
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. GnuPG anterior a 1.4.14, y Libgcrypt anterior a 1.5.3 usado en GnuPG 2.0.x y posiblemente otros productos, permite a usuarios locales obtener las claves RSA privadas a través de un ataque "side-channel" que involucra la caché L3. Aka Flush+Reload. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 http://eprint.iacr.org/2013/448 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-1457.html http://secunia.com/advisories/54318 http://secunia.com/advisories/54321 http://secunia.com/advisories/54332 http://secunia.com/advisories/54375 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 75EXPL: 0CVE-2012-2351
https://notcve.org/view.php?id=CVE-2012-2351
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. La configuración por defecto del plugin auth/SAML en Mahara antes de v1.4.2 establece el atributo "Match Username to Remote Username" a falso, lo que permite falsificar usuarios de otros servidores a los servidores remotos SAML IdP utilizando el mismo nombre de usuario interno. • http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea http://www.debian.org/security/2012/dsa-2467 http://www.openwall.com/lists/oss-security/2012/05/11/9 http://www.openwall.com/lists/oss-security/2012/05/12/4 https://bugs.launchpad.net/mahara/+bug/932909 • CWE-16: Configuration CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2008-4553
https://notcve.org/view.php?id=CVE-2008-4553
qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories. qemu-make-debian-root de qemu 0.9.1-5 en Debian GNU/Linux permite a usuarios locales sobrescribir archivos de su elección mediante un ataque de enlaces simbólicos en archivos y directorios temporales. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496394 http://dev.gentoo.org/~rbu/security/debiantemp/qemu http://secunia.com/advisories/32335 http://uvw.ru/report.lenny.txt http://www.debian.org/security/2008/dsa-1657 http://www.openwall.com/lists/oss-security/2008/10/13/2 http://www.openwall.com/lists/oss-security/2008/10/14/4 http://www.openwall.com/lists/oss-security/2008/10/30/2 http://www.securityfocus.com/bid/30931 https://bugs.gentoo. • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.0EPSS: 2%CPEs: 61EXPL: 0CVE-2004-1142
https://notcve.org/view.php?id=CVE-2004-1142
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 http://secunia.com/advisories/13468 http://www.ciac.org/ciac/bulletins/p-061.shtml http://www.debian.org/security/2004/dsa-613 http://www.ethereal.com/appnotes/enpa-sa-00016.html http://www.gentoo.org/security/en/glsa/glsa-200412-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:152 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html http://www.redhat.com/su •
CVSS: 5.0EPSS: 0%CPEs: 61EXPL: 0CVE-2004-1139
https://notcve.org/view.php?id=CVE-2004-1139
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash). • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 http://secunia.com/advisories/13468 http://www.ciac.org/ciac/bulletins/p-061.shtml http://www.ethereal.com/appnotes/enpa-sa-00016.html http://www.gentoo.org/security/en/glsa/glsa-200412-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:152 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html http://www.redhat.com/support/errata/RHSA-2005-037.html http://www.se •