Page 33 of 495 results (0.019 seconds)

CVSS: 4.0EPSS: 0%CPEs: 12EXPL: 0

CVE-2013-5891 – mysql: unspecified vulnerability related to Partition DoS (CPU Jan 2014)

https://notcve.org/view.php?id=CVE-2013-5891

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. Vulnerabilidad no especificada en el componente MySQL Server en Oracle MYSQL 5.5.33 y anteriores y 5.6.13 y anteriores permite a usuarios autenticados remotamente afectar a la disponibilidad a través de vectores desconocidos relacionados con "Partition". • http://osvdb.org/102070 http://rhn.redhat.com/errata/RHSA-2014-0173.html http://rhn.redhat.com/errata/RHSA-2014-0186.html http://rhn.redhat.com/errata/RHSA-2014-0189.html http://secunia.com/advisories/56491 http://secunia.com/advisories/56580 http://security.gentoo.org/glsa/glsa-201409-04.xml http://ubuntu.com/usn/usn-2086-1 http://www.debian.org/security/2014/dsa-2848 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www •

CVSS: 4.3EPSS: 13%CPEs: 25EXPL: 3

CVE-2012-6151 – Net-SNMP - SNMPD AgentX Subagent Timeout Denial of Service

https://notcve.org/view.php?id=CVE-2012-6151

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. Net-SNMP 5.7.1 y anteriores, cuando AgentX está registrando para manejar una MIB y tramitación de solicitudes de GETNEXT, permite a atacantes remotos provocar una denegación de servicio (caída o bucle infinito, consumo de CPU, y bloqueo) causando timeout en el subagente AgentX • https://www.exploit-db.com/exploits/38854 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://seclists.org/oss-sec/2013/q4/398 http://seclists.org/oss-sec/2013/q4/415 http://secunia.com/advisories/55804 http://secunia.com/advisories/57870 http://secunia.com/advisories/59974 http://sourceforge.net/p/net-snmp/bugs/2411 http://www.gentoo.org/security/en/glsa/glsa-201409-02& • CWE-399: Resource Management Errors •

CVSS: 3.6EPSS: 0%CPEs: 9EXPL: 2

CVE-2012-6150 – samba: pam_winbind fails open when non-existent group specified to require_membership_of

https://notcve.org/view.php?id=CVE-2012-6150

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake. La función winbind_name_list_to_sid_string_list en nsswitch/pam_winbind.c en Samba hasta v4.1.2 maneja nombres de grupo require_membership_of inválidos aceptando autenticación de cualquier usuario, lo cual permite a usuarios autenticados remotamente sortear restricciones de acceso en circunstancias oportunistas mediante el aprovechamiento de un error en el fichero de configuración de administración pam_winbind. • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00063. • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 59%CPEs: 15EXPL: 0

CVE-2013-6712 – php: heap-based buffer over-read in DateInterval

https://notcve.org/view.php?id=CVE-2013-6712

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. La función de análisis en ext/date/lib/parse_iso_intervals.c de PHP hasta la versión 5.5.6 no restringe adecuadamente la creación de objetos DateInterval, lo que podría permitir a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica) a través de una especificación de intervalo manipulada. A buffer over-read flaw was found in the way the DateInterval class parsed interval specifications. An attacker able to make a PHP application parse a specially crafted specification using DateInterval could possibly cause the PHP interpreter to crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=12fe4e90be7bfa2a763197079f68f5568a14e071 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://www.debian.org/security/2013/dsa-2816 http://www.ubuntu.com/usn/USN-2055-1 https://bugs.php.net/bug.php?id=66060 https://h20564&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 4.1EPSS: 0%CPEs: 10EXPL: 0

CVE-2013-4475 – samba: no access check verification on stream files

https://notcve.org/view.php?id=CVE-2013-4475

Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS). Samba 3.x anteriores a 3.6.20, 4.0.x anteriores a 4.0.11, y 4.1.x anteriores a 4.1.1, cuando vfs_streams_depot o vfs_streams_xattr está activo, permite a atacantes remotos sortear restricciones de fichero aprovechando diferencias en las ACL entre un fichero un "alternate data stream" (ADS) asociado. • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00083.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00115.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00117.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html http://rhn.redhat.com/errata/RHSA-2013-1806.html http://rhn.redhat.com/errata • CWE-264: Permissions, Privileges, and Access Controls •