CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2013-4314
https://notcve.org/view.php?id=CVE-2013-4314
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. La X509Extension en pyOpenSSL ante de 0.13.1 no maneja apropiadamente el carácter "\0" en el nombre de dominio en el campo Subject Alternative Name de un certificado X.509 que permite a atacantes man-in-the-middle suplantar servidores SSL a través de un un certificado manipulado emitido por una autoridad de certificación legítima • http://lists.opensuse.org/opensuse-updates/2013-11/msg00015.html http://www.debian.org/security/2013/dsa-2763 http://www.openwall.com/lists/oss-security/2013/09/06/2 http://www.ubuntu.com/usn/USN-1965-1 https://bugzilla.redhat.com/show_bug.cgi?id=1005325 https://mail.python.org/pipermail/pyopenssl-users/2013-September/000478.html • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1060
https://notcve.org/view.php?id=CVE-2013-1060
A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuration file from the ~buildd directory, which allows local users to gain privileges by leveraging control over the buildd account. Cierto procedimiento build de Ubuntu para perf, tal y como es distribuido en los paquetes del kernel Linux en Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, y 13.10, establece la variable de entorno HOME al directorio ~buildd y consecuentemente lee el fichero de configuración del sistema del directorio ~buildd, lo cual permite a usuarios locales obtener privilegios aprovechando el control sobre la cuenta buildd. • http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1060.html http://www.ubuntu.com/usn/USN-1938-1 http://www.ubuntu.com/usn/USN-1939-1 http://www.ubuntu.com/usn/USN-1941-1 http://www.ubuntu.com/usn/USN-1942-1 http://www.ubuntu.com/usn/USN-1943-1 http://www.ubuntu.com/usn/USN-1944-1 http://www.ubuntu.com/usn/USN-1945-1 http://www.ubuntu.com/usn/USN-1946-1 http://www.ubuntu.com/usn/USN-1947-1 https://launchpad • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 2%CPEs: 95EXPL: 0CVE-2013-4248 – php: hostname check bypassing vulnerability in SSL client
https://notcve.org/view.php?id=CVE-2013-4248
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. La función openssl_x509_parse en openssl.c en el módulo OpenSSL en PHP anterior a v5.4.18 y v5.5.x anterior v5.5.2 no manejar adecuadamente un carácter “\0” en un nombre de dominio en el campo Subject Alternative Name de un certificado X.509, lo que permite a atacantes "man-in-the-middle" suplantar servidores SSL de su elección mediante un certificado manipulado expedido por una Autoridad Certificadora legítima, un problema relacionado con CVE-2009-2408. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2874696a5a8d46639d261571f915c493cd875897 http://lists.opensuse.org/opensuse-updates/2013-12/msg00125.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00126.html http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://rhn.redhat.com/errata/RHSA-2013-1307.html http://rhn.redhat.com/errata/RHSA-2013-1615.html http://secunia.com/advisories/54478 http://secunia.com/advisories/54657 http://secunia.com/advisories/55078 http:&#x • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 96%CPEs: 177EXPL: 1CVE-2013-4124 – Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow
https://notcve.org/view.php?id=CVE-2013-4124
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Desbordamiento de entero en la función read_nttrans_ea_list en nttrans.c en smbd en Samba v3.x anterior a v3.5.22, v3.6.x anterior a v3.6.17, y v4.x anterior a v4.0.8 permite a atacantes remotos causar una denegación de servicio (por excesivo consumo de memoria) a través de un paquete con formato erróneo. Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Important Note: in order to work, the "ea support" option on the target share must be enabled. • https://www.exploit-db.com/exploits/27778 http://archives.neohapsis.com/archives/bugtraq/2013-08/0028.html http://ftp.samba.org/pub/samba/patches/security/samba-4.0.7-CVE-2013-4124.patch http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113591.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114011.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00012&# • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 1.9EPSS: 0%CPEs: 96EXPL: 0CVE-2013-4242 – GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
https://notcve.org/view.php?id=CVE-2013-4242
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. GnuPG anterior a 1.4.14, y Libgcrypt anterior a 1.5.3 usado en GnuPG 2.0.x y posiblemente otros productos, permite a usuarios locales obtener las claves RSA privadas a través de un ataque "side-channel" que involucra la caché L3. Aka Flush+Reload. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 http://eprint.iacr.org/2013/448 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-1457.html http://secunia.com/advisories/54318 http://secunia.com/advisories/54321 http://secunia.com/advisories/54332 http://secunia.com/advisories/54375 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •