CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2012-5635 – GlusterFS: insecure temporary file creation
https://notcve.org/view.php?id=CVE-2012-5635
The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417. La funcionalidad GlusterFS en Red Hat Storage Management Console v2.0, Native Client, Server 2.0 permite a usuarios locales sobreescribir archivos arbitrarios mediante un ataque de enlaces simbólicos en varios archivos temporales creados por (1) tests/volume.rc, (2) extras/hook- scripts/S30samba-stop.sh, y posiblemente otros vectores, la vulnerabilidad diferente a CVE-2012-4417. Multiple insecure temporary file creation flaws were found in Red Hat Storage. A local user on the Red Hat Storage server could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack. • http://rhn.redhat.com/errata/RHSA-2013-0691.html https://bugzilla.redhat.com/show_bug.cgi?id=886364 https://access.redhat.com/security/cve/CVE-2012-5635 • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •
CVSS: 9.8EPSS: 5%CPEs: 8EXPL: 0CVE-2012-4406 – Openstack-Swift: insecure use of python pickle()
https://notcve.org/view.php?id=CVE-2012-4406
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. OpenStack Object Storage (swift) antes de v1.7.0 utiliza la función loads en el módulo pickle de Python de forma no segura al almacenar y cargar los metadatos en memcached, lo que permite a atacantes remotos ejecutar código arbitrario a través de un objeto pickle modificado. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html http://rhn.redhat.com/errata/RHSA-2012-1379.html http://rhn.redhat.com/errata/RHSA-2013-0691.html http://www.openwall.com/lists/oss-security/2012/09/05/16 http://www.openwall.com/lists/oss-security/2012/09/05/4 http://www.securityfocus.com/bid/55420 https://bugs.launchpad.net/swift/+bug/1006414 https://bugzilla.redhat.com/show_bug.cgi?id=854757 https://exchange.xforce.ibmcloud.com/ • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.3EPSS: 1%CPEs: 21EXPL: 3CVE-2012-1938 – Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)
https://notcve.org/view.php?id=CVE-2012-1938
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v13.0, Thunderbird antes de v13.0, y SeaMonkey antes de v2.10 permiten a atacantes remotos causar una denegación de servicio (corrupción de la memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores relacionados con (1) methodjit/ImmutableSync.cpp, y con la función (2) JSObject::makeDenseArraySlow en js/src/jsarray.cpp y otros componentes desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html http://rhn.redhat.com/errata/RHSA-2012-0710.html http://rhn.redhat.com/errata/RHSA-2012-0715.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 http://www.mozilla.org/security/announce/2012/mfsa2012-34.html http://www.securityfocus.com/bid/53796 https://bugzilla.mozilla.org/show_bug.cgi?id=670317 https://bugzilla. •
CVSS: 6.5EPSS: 2%CPEs: 11EXPL: 0CVE-2012-1798 – ImageMagick: Out-of-bounds buffer read by copying image bytes for TIFF images with crafted TIFF EXIF IFD value
https://notcve.org/view.php?id=CVE-2012-1798
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. La función de TIFFGetEXIFProperties en coders/tiff.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de los límites y caída de la aplicación) a través de un IFD EXIF modificado en una imagen TIFF. • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html http://rhn.redhat.com/errata/RHSA-2012-0544.html http://secunia.com/advisories/48974 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://secunia.com/advisories/49317 http://secunia.com/advisories/55035 http://www.debian.org/security/2012/dsa-2462 http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 http://www.osvdb.org/81023 http://www.securityfocus.com/bid/52 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 17EXPL: 0CVE-2012-0260 – ImageMagick: excessive CPU use DoS by processing JPEG images with crafted restart markers
https://notcve.org/view.php?id=CVE-2012-0260
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. La función de JPEGWarningHandler en coders/jpeg.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una imagen JPEG con una secuencia de marcadores de reinicio hecha a mano. • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html http://rhn.redhat.com/errata/RHSA-2012-0544.html http://rhn.redhat.com/errata/RHSA-2012-0545.html http://secunia.com/advisories/48974 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://secunia.com/advisories/49317 http://secunia.com/advisories/55035 http://secunia.com/advisories/57224 http://www.cert.fi/en/reports/2012/vulnerability635606.html http://www.debian.org/security/2012&#x • CWE-400: Uncontrolled Resource Consumption •