CVE-2013-6460
https://notcve.org/view.php?id=CVE-2013-6460
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents La gema Nokogiri versiones 1.5.x, tiene una Denegación de Servicio por medio de un bucle infinito cuando se analizan documentos XML. • http://www.openwall.com/lists/oss-security/2013/12/27/2 http://www.securityfocus.com/bid/64513 https://access.redhat.com/security/cve/cve-2013-6460 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460 https://exchange.xforce.ibmcloud.com/vulnerabilities/90058 https://security-tracker.debian.org/tracker/CVE-2013-6460 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVE-2013-2255
https://notcve.org/view.php?id=CVE-2013-2255
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. HTTPSConnections en OpenStack Keystone versión 2013, OpenStack Compute versión 2013.1 y posiblemente otros componentes de OpenStack, no pueden comprobar los certificados SSL del lado del servidor. • https://access.redhat.com/security/cve/cve-2013-2255 https://bugs.launchpad.net/ossn/+bug/1188189 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255 https://exchange.xforce.ibmcloud.com/vulnerabilities/85562 https://security-tracker.debian.org/tracker/CVE-2013-2255 https://www.securityfocus.com/bid/61118 • CWE-295: Improper Certificate Validation •
CVE-2018-1000808 – pyOpenSSL: Failure to release memory before removing last reference in PKCS #12 Store
https://notcve.org/view.php?id=CVE-2018-1000808
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0. Python Cryptographic Authority pyopenssl en versiones anteriores a la 17.5.0 contiene una vulnerabilidad CWE - 401: Error al liberar memoria antes de eliminar la última referencia en PKCS #12 Store que puede resultar en una denegación de servicio (DoS) si hay poca memoria o ésta se agota. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html https://access.redhat.com/errata/RHSA-2019:0085 https://github.com/pyca/pyopenssl/pull/723 https://usn.ubuntu.com/3813-1 https://access.redhat.com/security/cve/CVE-2018-1000808 https://bugzilla.redhat.com/show_bug.cgi?id=1640216 • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVE-2018-10875 – ansible: ansible.cfg is being read from current working directory allowing possible code execution
https://notcve.org/view.php?id=CVE-2018-10875
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. Se ha encontrado un error en ansible. ansible.cfg se lee desde el directorio de trabajo actual, que puede alterarse para hacer que señale a un plugin o una ruta de módulo bajo el control de un atacante, permitiendo que el atacante ejecute código arbitrario. It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html http://www.securitytracker.com/id/1041396 https://access.redhat.com/errata/RHBA-2018:3788 https://access.redhat.com/errata/RHSA-2018:2150 https://access.redhat.com/errata/RHSA-2018:2151 https://access.redhat.com/errata/RHSA-2018:2152 https://access.redhat.com/errata/RHSA-2018:2166 https://access.redhat.com/errata/RHSA-2018:2321 https://access.redhat.com/errata/RHSA-2018:2585 https://access.redhat.co • CWE-426: Untrusted Search Path •
CVE-2018-1059 – dpdk: Information exposure in unchecked guest physical to host virtual address translations
https://notcve.org/view.php?id=CVE-2018-1059
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. La interfaz vhost de usuario de DPDK no verifica que el rango físico invitado solicitado esté mapeado y sea contiguo al realizar traducciones de direcciones físicas de invitado a direcciones virtuales del host. Esto podría conducir a que un invitado malicioso exponga la memoria del proceso del backend del usuario vhost. • https://access.redhat.com/errata/RHSA-2018:1267 https://access.redhat.com/errata/RHSA-2018:2038 https://access.redhat.com/errata/RHSA-2018:2102 https://access.redhat.com/errata/RHSA-2018:2524 https://access.redhat.com/security/cve/cve-2018-1059 https://bugzilla.redhat.com/show_bug.cgi?id=1544298 https://usn.ubuntu.com/3642-1 https://usn.ubuntu.com/3642-2 https://access.redhat.com/security/cve/CVE-2018-1059 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •