CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2013-0306 – Django: Formset denial-of-service
https://notcve.org/view.php?id=CVE-2013-0306
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter. Vulnerabilidad sin especificar en el formulario "library" en Django v1.3.x antes de v1.3.6, v1.4.x antes de v1.4.4, v1.5 antes de release candidate v2 permite a atacantes remotos evitar las restricciones de los recursos y causar una denegación de servicios (consumo de memoria) o disparar errores del servidor a través de un parámetro max_num modificado. • http://rhn.redhat.com/errata/RHSA-2013-0670.html http://ubuntu.com/usn/usn-1757-1 http://www.debian.org/security/2013/dsa-2634 https://www.djangoproject.com/weblog/2013/feb/19/security https://access.redhat.com/security/cve/CVE-2013-0306 https://bugzilla.redhat.com/show_bug.cgi?id=913042 • CWE-189: Numeric Errors •
CVSS: 4.0EPSS: 0%CPEs: 17EXPL: 0CVE-2013-0305 – Django: Data leakage via admin history log
https://notcve.org/view.php?id=CVE-2013-0305
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information. La interfaz administrativa para Django v1.3.x antes de v1.3.6, v1.4.x antes de v1.4.4, y v1.5 antes de la release candidate v2 no comprueba los permisos para la vista del historial, que permite a usuarios administradores autenticados obtener información del historial. • http://rhn.redhat.com/errata/RHSA-2013-0670.html http://ubuntu.com/usn/usn-1757-1 http://www.debian.org/security/2013/dsa-2634 https://www.djangoproject.com/weblog/2013/feb/19/security https://access.redhat.com/security/cve/CVE-2013-0305 https://bugzilla.redhat.com/show_bug.cgi?id=913041 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 1%CPEs: 18EXPL: 0CVE-2013-0772 – Mozilla: Out-of-bounds read in image rendering (MFSA 2013-22)
https://notcve.org/view.php?id=CVE-2013-0772
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image. La función RasterImage::DrawFrameTo function en Mozilla Firefox anterior a v19.0, Thunderbird anterior a v17.0.3, y SeaMonkey anterior a v2.16, permite a atacantes remotos obtener información sensible de los procesos de memoria o provocar una denegación de servicio (lectura de memoria fuera de rango o caída de aplicación) a través de una imagen GIF manipulada. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html http://rhn.redhat.com/errata/RHSA-2013-1812.html http://www.mozilla.org/security/announce/2013/mfsa2013-22.html http://www.ubuntu.com/usn/USN-1729-1 http://www.ubuntu.com/usn/USN-1729-2 https://bugzilla.mozilla.org/show_bug.cgi?id=801366 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17159 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 1%CPEs: 12EXPL: 0CVE-2013-0778
https://notcve.org/view.php?id=CVE-2013-0778
The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función ClusterIterator::NextCluster en Mozilla Firefox anterior a v19.0, Thunderbird anterior a v17.0.3, y SeaMonkey anterior a v2.16 permite a atacantes remotos ejecutar código arbitrio o causar una denegación de servicio (lectura fuera de límites) a través de vectores no especificados • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html http://www.mozilla.org/security/announce/2013/mfsa2013-28.html http://www.ubuntu.com/usn/USN-1729-1 http://www.ubuntu.com/usn/USN-1729-2 http://www.ubuntu.com/usn/USN-1748-1 https://bugzilla.mozilla.org/show_bug.cgi?id=798867 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16619 • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 1%CPEs: 9EXPL: 0CVE-2013-0765
https://notcve.org/view.php?id=CVE-2013-0765
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors. Mozilla Firefox antes de v19.0, Thunderbird antes v17.0.3 y SeaMonkey antes de v2.16 no impiden envoltorios múltiples de objetos WebIDL, que permite ataques remotos que evitan las restricciones de acceso destinados a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html http://www.mozilla.org/security/announce/2013/mfsa2013-23.html http://www.ubuntu.com/usn/USN-1729-1 http://www.ubuntu.com/usn/USN-1729-2 https://bugzilla.mozilla.org/show_bug.cgi?id=830614 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17097 •