CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 1CVE-2013-5123 – phlyLabs phlyMail Lite 4.03.04 - 'go' Open Redirect
https://notcve.org/view.php?id=CVE-2013-5123
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. El soporte de duplicación (-M, --use-mirrors) en Python Pip versiones anteriores a la versión 1.5, utiliza consultas DNS no seguras y comprobaciones de autenticidad que permiten a atacantes realizar ataques de tipo man-in-the-middle. • https://www.exploit-db.com/exploits/24086 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html http://www.openwall.com/lists/oss-security/2013/08/21/17 http://www.openwall.com/lists/oss-security/2013/08/21/18 http://www.securityfocus.com/bid/77520 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123 https&# • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2013-4409
https://notcve.org/view.php?id=CVE-2013-4409
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. Existe una vulnerabilidad de la función eval() en Python Software Foundation Djblets versión 0.7.21 y Beanbag Review Board versiones anteriores a la versión 1.7.15, cuando se analizan peticiones JSON. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html http://www.securityfocus.com/bid/63029 https://access.redhat.com/security/cve/cve-2013-4409 https:/& • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4251
https://notcve.org/view.php?id=CVE-2013-4251
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. El componente scipy.weave en SciPy versiones anteriores a 0.12.1, crea directorios temporales no seguros. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120696.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119759.html http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119771.html http://www.securityfocus.com/bid/63008 https://access.redhat.com/security/cve/cve-2013-4251 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4251 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4251 https://exchange.xforce.ibmcloud.com/vulnera • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1400
https://notcve.org/view.php?id=CVE-2014-1400
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors. La API entity_access en el módulo Entity API, en versiones 7.x-1.x anteriores a la 7.x-1.3 para Drupal, podría permitir que usuarios autenticados remotos omitan las restricciones de acceso planeadas y lean comentarios no publicados mediante vectores sin especificar. • http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html http://www.openwall.com/lists/oss-security/2014/01/09/3 http://www.securityfocus.com/bid/64729 https://bugzilla.redhat.com/show_bug.cgi?id=1050802 https://exchange.xforce.ibmcloud.com/vulnerabilities/90396 https://www.drupal.org/node/2169595 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1399
https://notcve.org/view.php?id=CVE-2014-1399
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors. La API de acceso al contenedor de entidad en el módulo Entity API, en versiones 7.x-1.x anteriores a la 7.x-1.3 para Drupal, podría permitir que usuarios autenticados remotos omitan las restricciones de acceso planeadas en las entidades referenciadas mediante vectores sin especificar. • http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html http://www.openwall.com/lists/oss-security/2014/01/09/3 http://www.securityfocus.com/bid/64729 https://bugzilla.redhat.com/show_bug.cgi?id=1050802 https://exchange.xforce.ibmcloud.com/vulnerabilities/90216 https://www.drupal.org/node/2169595 • CWE-284: Improper Access Control •