
CVSS: 9.8 | EPSS: 36% | CPEs: 27 | EXPL: 0

10 Jun 2013 — mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. • http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html

CVSS: 7.4 | EPSS: 0% | CPEs: 10 | EXPL: 0

21 May 2013 — rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials. • http://osvdb.org/93058 • CWE-255: Credentials Management Errors

CVSS: 7.5 | EPSS: 23% | CPEs: 23 | EXPL: 0

21 May 2013 — schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637 • CWE-20: Improper Input Validation

CVSS: 10.0 | EPSS: 91% | CPEs: 15 | EXPL: 3

16 May 2013 — Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727. Multiple vulnerabilities have... • https://packetstorm.news/files/id/122309 • CWE-190: Integer Overflow or Wraparound

CVSS: 6.5 | EPSS: 2% | CPEs: 12 | EXPL: 0

19 Apr 2013 — The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600 • CWE-476: NULL Pointer Dereference

CVSS: 9.8 | EPSS: 0% | CPEs: 10 | EXPL: 0

17 Apr 2013 — Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Multiple vulnerabilities have been found in MySQL, ... • http://rhn.redhat.com/errata/RHSA-2013-0772.html

CVSS: 7.4 | EPSS: 0% | CPEs: 10 | EXPL: 0

17 Apr 2013 — Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. • http://rhn.redhat.com/errata/RHSA-2013-0772.html

CVSS: 9.8 | EPSS: 0% | CPEs: 10 | EXPL: 0

17 Apr 2013 — Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install. Multiple vulnerabilities have been... • http://rhn.redhat.com/errata/RHSA-2013-0772.html

CVSS: 7.4 | EPSS: 0% | CPEs: 9 | EXPL: 0

17 Apr 2013 — Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking. Multiple vulnerabilities have been found in MySQL, a... • http://rhn.redhat.com/errata/RHSA-2013-0772.html

CVSS: 7.5 | EPSS: 0% | CPEs: 12 | EXPL: 0

17 Apr 2013 — Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges. Multiple vulnerabilities have been found in MySQL, al... • http://rhn.redhat.com/errata/RHSA-2013-0772.html