CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0294
https://notcve.org/view.php?id=CVE-2013-0294
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. El archivo packet.py en pyrad versiones anteriores a 2.1, utiliza números aleatorios débiles para generar autenticadores RADIUS y contraseñas de hash, lo que facilita a atacantes remotos obtener información confidencial por medio de un ataque de fuerza bruta. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115705.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116567.html http://www.openwall.com/lists/oss-security/2013/02/15/13 http://www.securityfocus.com/bid/57984 https://bugzilla.redhat.com/show_bug.cgi?id=911682 https://exchange.xforce.ibmcloud.com/vulnerabilities/82133 https://github.com/wichert/pyrad/commit/38f7 • CWE-330: Use of Insufficiently Random Values •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1437
https://notcve.org/view.php?id=CVE-2013-1437
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. Una vulnerabilidad de inyección de Eval en el módulo Module-Metadata versiones anteriores a 1.000015 para Perl, permite a atacantes remotos ejecutar código de Perl arbitrario por medio del valor $Version. • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114904.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114912.html https://metacpan.org/changes/distribution/Module-Metadata • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-2581
https://notcve.org/view.php?id=CVE-2014-2581
Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. Smb4K versiones anteriores a 1.1.1, permite a atacantes remotos obtener credenciales por medio de vectores relacionados con la opción cuid en la edición de línea "Additional options". • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133898.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html http://sourceforge.net/projects/smb4k/files/1.1.1 http://www.openwall.com/lists/oss-security/2014/03/24/1 http://www.openwall.com/lists/oss-security/2014/03/25/5 https://bugs.gentoo.org/505376 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4752
https://notcve.org/view.php?id=CVE-2013-4752
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. Symfony versiones 2.0.X anteriores a 2.0.24, versiones 2.1.X anteriores a 2.1.12, versiones 2.2.X anteriores a 2.2.5 y versiones 2.3.X anteriores a 2.3.3, tienen un problema en el componente HttpFoundation. El atacante puede manipular el encabezado del host cuando el framework está generando una URL absoluta. • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released http://www.securityfocus.com/bid/61715 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752 https://exchange.xforce.ibmcloud.com/vulnerabilities/86365 https://exchange.xforce.ibmcloud.com/vulnerabilities/86366 https://exchange.xforce.ibm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4161
https://notcve.org/view.php?id=CVE-2013-4161
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. Se reportó que gksu-polkit-0.0.3-6.fc18 corrigió el problema en CVE-2012-5617, pero el parche fue aplicado inapropiadamente y no corrigió el problema de seguridad. • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.html https://access.redhat.com/security/cve/cve-2013-4161 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4161 https://security-tracker.debian.org/tracker/CVE-2013-4161 • CWE-269: Improper Privilege Management •