CVE-2013-2174 – curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs
https://notcve.org/view.php?id=CVE-2013-2174
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
References:
• http://curl.haxx.se/docs/adv_20130622.html
• http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html
• http://rhn.redhat.com/errata/RHSA-2013-0983.html
• http://www.debian.org/security/2013/dsa-2713
• http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.securityfocus.com/bid/60737
• http://www.ubuntu.com/usn/USN-1894-1
• https://github.com/bagder/curl/commit/192c4f788d48
CWE:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-122: Heap-based Buffer Overflow

CVE-2013-1943 – kernel: kvm: missing check in kvm_set_memory_region()
https://notcve.org/view.php?id=CVE-2013-1943
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.
References:
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa3d315a4ce2c0891cdde262562e710d95fba19e
• http://web.archive.org/web/20130329070349/http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0
• http://www.ubuntu.com/usn/USN-1939-1
• https://bugzilla.redhat.com/show_bug.cgi?id=950490
• https://github.com/torvalds/linux/commit/fa3d315a4ce2c0891cdde262562e710d95fba19e
• https://access.redhat.com/security/cve/CVE-2013-1943
CWE:
• CWE-20: Improper Input Validation
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-2852 – Linux Kernel 3.3.5 - 'b43' Wireless Driver Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-2852
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
References:
• https://www.exploit-db.com/exploits/38559
• http://git.kernel.org/cgit/linux/kernel/git/linville/wireless.git/commit/?id=9538cbaab6e8b8046039b4b2eb6c9d614dc782bd
• http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html
• http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
• http://rhn.redhat.com/errata/RHSA-2013-1051.html
• http://rhn.redhat.com/errata/RHSA-2013-1450.html
• http://www.debian.org/security/2013/dsa-2766
• http://www.openwall.com/lists/oss-security/2013
CWE:
• CWE-134: Use of Externally-Controlled Format String

CVE-2013-2037
https://notcve.org/view.php?id=CVE-2013-2037
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References:
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706602
• http://code.google.com/p/httplib2/issues/detail?id=282
• http://seclists.org/oss-sec/2013/q2/257
• http://www.securityfocus.com/bid/52179
• http://www.ubuntu.com/usn/USN-1948-1
• https://bugs.launchpad.net/httplib2/+bug/1175272
CWE:
• CWE-20: Improper Input Validation

CVE-2013-1981 – libX11: Multiple integer overflows leading to heap-based buffer-overflows
https://notcve.org/view.php?id=CVE-2013-1981
Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.
References:
• http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106781.html
• http://www.debian.org/security/2013/dsa-2693
• http://www.openwall.com/lists/oss-security/2013/05/23/3
• http://www.securityfocus.com/bid/60120
• http://www.ubuntu.com/usn/USN-1854-1
• http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
• https://access.redhat.com/security/cve/CVE-2013-1981
• https://bugzilla.redhat.com/show_bug.cgi?id=959040
CWE:
• CWE-122: Heap-based Buffer Overflow
• CWE-189: Numeric Errors