CVE-2013-4161
https://notcve.org/view.php?id=CVE-2013-4161
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. Se reportó que gksu-polkit-0.0.3-6.fc18 corrigió el problema en CVE-2012-5617, pero el parche fue aplicado inapropiadamente y no corrigió el problema de seguridad. • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.html https://access.redhat.com/security/cve/cve-2013-4161 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4161 https://security-tracker.debian.org/tracker/CVE-2013-4161 • CWE-269: Improper Privilege Management •
CVE-2012-5645
https://notcve.org/view.php?id=CVE-2012-5645
A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption. Se encontró un fallo de denegación de servicio en la manera en que el componente Freeciv del servidor versiones anteriores a la versión 2.3.4 procesaba ciertos paquetes. Un atacante remoto podría enviar un paquete especialmente diseñado que, cuando se procese, conllevaría al agotamiento de la memoria o el consumo excesivo de la CPU. • http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095378.html http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095381.html http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096391.html http://www.openwall.com/lists/oss-security/2012/12/18/5 http://www.openwall.com/lists/oss-security/2012/12/22/4 http://www.openwall.com/lists/oss-security/2012/12/30/11 http://www.openwall.com/lists/oss-security/2012/12/30/8 http: • CWE-400: Uncontrolled Resource Consumption •
CVE-2012-5474
https://notcve.org/view.php?id=CVE-2012-5474
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. El archivo /etc/openstack-dashboard/local_settings dentro de Red Hat OpenStack Platform versión 2.0 y RHOS Essex Release (paquete python-django-horizon versiones anteriores a la versión 2012.1.1) es de tipo world readable y expone el valor de la clave secreta. • http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html https://access.redhat.com/security/cve/cve-2012-5474 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474 https://security-tracker.debian.org/tracker/CVE-2012-5474 • CWE-311: Missing Encryption of Sensitive Data •
CVE-2013-4158
https://notcve.org/view.php?id=CVE-2013-4158
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) smokeping versiones anteriores a 2.6.9, presenta una vulnerabilidad de tipo XSS (corrección incompleta para el CVE-2012-0790) • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113987.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114008.html http://www.openwall.com/lists/oss-security/2013/07/20/2 http://www.securityfocus.com/bid/61371 https://access.redhat.com/security/cve/cve-2013-4158 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4158 https://exchange.xforce.ibmcloud.com/vulnerabilities/85887 https://security-tracker.debian.org/tracker/CVE-2013-4158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-1115
https://notcve.org/view.php?id=CVE-2012-1115
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en LDAP Account Manager (LAM) Pro versión 3.6, en los parámetros export, add_value_form y dn en el archivo cmd.php. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html http://www.openwall.com/lists/oss-security/2012/03/05/24 http://www.openwall.com/lists/oss-security/2012/03/12/1 http://www.openwall.com/lists/oss-security/2012/03/12/10 http://www.securityfocus.com/bid/52255 https://bugzilla.redhat.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •