CVSS: 4.3EPSS: 0%CPEs: 193EXPL: 0CVE-2013-4590 – tomcat: information disclosure via XXE when running untrusted web applications
https://notcve.org/view.php?id=CVE-2013-4590
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Apache Tomcat anterior a 6.0.39, 7.x anterior a 7.0.50 y 8.x anterior a 8.0.0-RC10 permite a atacantes obtener información "Tomcat internals" mediante el aprovechamiento de la presencia de una aplicación web no confiable con un documento context.xml, web.xml, *.jspx, *.tagx, o *.tld XML que contiene una declaración de entidad externa en conjunto con una referencia de entidad, relacionada con un problema XML External Entity (XXE). It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. • http://advisories.mageia.org/MGASA-2014-0148.html http://marc.info/?l=bugtraq&m=144498216801440&w=2 http://secunia.com/advisories/59036 http://secunia.com/advisories/59722 http://secunia.com/advisories/59724 http://secunia.com/advisories/59873 http://svn.apache.org/viewvc?view=revision&revision=1549528 http://svn.apache.org/viewvc?view=revision&revision=1549529 http://svn.apache.org/viewvc?view=revision&revision=1558828 http://tomcat.apache.org/security-6.html http://tomcat.a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.0EPSS: 96%CPEs: 31EXPL: 2CVE-2013-5211 – NTP ntpd monlist Query Reflection - Denial of Service
https://notcve.org/view.php?id=CVE-2013-5211
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. La característica monlist en ntp_request.c en ntpd en NTP antes 4.2.7p26 permite a atacantes remotos provocar una denegación de servicio (amplificación de tráfico) a través de solicitudes (1) REQ_MON_GETLIST o (2) solicitudes REQ_MON_GETLIST_1, como han sido explotados en diciembre de 2013. Detect UDP endpoints with UDP amplification vulnerabilities. • https://www.exploit-db.com/exploits/33073 https://github.com/0xhav0c/CVE-2013-5211 http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc http://bugs.ntp.org/show_bug.cgi?id=1532 http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04 http://lists.ntp.org/pipermail/pool/2011-December/005616.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html http://marc.info/?l=bugtraq&m=138971294629419&w=2 http://marc.info/?l=bugtraq&m=144182594518 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 2%CPEs: 2049EXPL: 0CVE-2008-4609
https://notcve.org/view.php?id=CVE-2008-4609
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. La implementación del protocolo TCP en (1) Linux, (2) plataformas basadas en BSD Unix, (3) Microsoft Windows, (4) productos Cisco, y probablemente otros sistemas operativos, permite a atacantes remotos provocar una denegación de servicio (agotamiento de cola de conexión) a través de múltiples vectores que manipulan información en la tabla de estados del TCP, como lo demuestra sockstress. • http://blog.robertlee.name/2008/10/conjecture-speculation.html http://insecure.org/stf/tcp-dos-attack-explained.html http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html http://marc.info/?l=bugtraq&m=125856010926699&w=2 http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html http://www.cpni • CWE-16: Configuration •
CVSS: 7.5EPSS: 1%CPEs: 65EXPL: 0CVE-2007-4137 – QT off by one buffer overflow
https://notcve.org/view.php?id=CVE-2007-4137
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. Error de superación de límite (off-by-one) en la función QUtf8Decoder::toUnicode de Trolltech Qt3 permite a usuarios locales o remotos (dependiendo del contexto) provocar una denegación de servicio (caída) mediante una cadena Unicode manipulada que dispara un desbordamiento de búfer basado en montículo. NOTA: Qt 4 tiene el mismo error en la función QUtf8Codec::convertToUnicode, pero no es explotable. • ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=192472 http://dist.trolltech.com/developer/download/175791_3.diff http://dist.trolltech.com/developer/download/175791_4.diff http://fedoranews.org/updates/FEDORA-2007-221.shtml http://fedoranews.org/updates/FEDORA-2007-703.shtml http://osvdb.org/39384 http://secunia.com/advisories/26778 http://secunia.com/advisories/26782 http://secunia.com/advisories/26804 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •
CVSS: 3.8EPSS: 2%CPEs: 56EXPL: 0CVE-2007-1352 – Multiple font integer overflows (CVE-2007-1352)
https://notcve.org/view.php?id=CVE-2007-1352
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. Desbordamiento de entero en la función FontFileInitTable en X.Org libXfont versiones anteriores a 20070403 permite a usuarios remotos autenticados ejecutar código de su elección mediante una primera línea larga en el fichero fonts.dir, lo cual resulta en un desbordamiento de montón. • http://issues.foresightlinux.org/browse/FL-223 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html http://rhn.redhat.com/errata/RHSA-2007-0125.html http://secunia.com/advisories/24741 http://secunia.com/advisories/24745 http://secunia.com/advisories/ •