
CVSS: 6.1 | EPSS: 0% | CPEs: 6 | EXPL: 0

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.

• http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html
• http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
• http://www.securityfocus.com/bid/61715
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752
• https://exchange.xforce.ibmcloud.com/vulnerabilities/86365
• https://exchange.xforce.ibmcloud.com/vulnerabilities/86366
• https://exchange.xforce.ibm

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 20% | CPEs: 5 | EXPL: 0

Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chrome suffers from a heap use-after-free vulnerability in DesktopMediaPickerController::WebContentsDestroyed.

• http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00005.html
• http://packetstormsecurity.com/files/156563/Chrome-DesktopMediaPickerController-WebContentsDestroyed-Use-After-Free.html
• https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html
• https://crbug.com/1031653
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK
• https://seclists.org/bugtraq/2020/Jan/27
• https://security.gentoo.org/glsa/202003-08

• CWE-416: Use After Free
• CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617, but the patch was improperly applied and it did not fix the security issue.

• http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.html
• https://access.redhat.com/security/cve/cve-2013-4161
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4161
• https://security-tracker.debian.org/tracker/CVE-2013-4161

• CWE-269: Improper Privilege Management

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.

• https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHZG5FPCRMCB6Z3L7FPICC6BZ5ZATFTO
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PICL3U2J4EPGBLOE555Y5RAZTQL3WBBV

• CWE-400: Uncontrolled Resource Consumption

CVSS: 7.8 | EPSS: 2% | CPEs: 4 | EXPL: 0

A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially crafted packet that, when processed, would lead to memory exhaustion or excessive CPU consumption.

• http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095378.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095381.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096391.html
• http://www.openwall.com/lists/oss-security/2012/12/18/5
• http://www.openwall.com/lists/oss-security/2012/12/22/4
• http://www.openwall.com/lists/oss-security/2012/12/30/11
• http://www.openwall.com/lists/oss-security/2012/12/30/8

• CWE-400: Uncontrolled Resource Consumption