CVSS: 4.0EPSS: 0%CPEs: 17EXPL: 0CVE-2013-0305 – Django: Data leakage via admin history log
https://notcve.org/view.php?id=CVE-2013-0305
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information. La interfaz administrativa para Django v1.3.x antes de v1.3.6, v1.4.x antes de v1.4.4, y v1.5 antes de la release candidate v2 no comprueba los permisos para la vista del historial, que permite a usuarios administradores autenticados obtener información del historial. • http://rhn.redhat.com/errata/RHSA-2013-0670.html http://ubuntu.com/usn/usn-1757-1 http://www.debian.org/security/2013/dsa-2634 https://www.djangoproject.com/weblog/2013/feb/19/security https://access.redhat.com/security/cve/CVE-2013-0305 https://bugzilla.redhat.com/show_bug.cgi?id=913041 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2013-0306 – Django: Formset denial-of-service
https://notcve.org/view.php?id=CVE-2013-0306
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter. Vulnerabilidad sin especificar en el formulario "library" en Django v1.3.x antes de v1.3.6, v1.4.x antes de v1.4.4, v1.5 antes de release candidate v2 permite a atacantes remotos evitar las restricciones de los recursos y causar una denegación de servicios (consumo de memoria) o disparar errores del servidor a través de un parámetro max_num modificado. • http://rhn.redhat.com/errata/RHSA-2013-0670.html http://ubuntu.com/usn/usn-1757-1 http://www.debian.org/security/2013/dsa-2634 https://www.djangoproject.com/weblog/2013/feb/19/security https://access.redhat.com/security/cve/CVE-2013-0306 https://bugzilla.redhat.com/show_bug.cgi?id=913042 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 7%CPEs: 96EXPL: 1CVE-2012-6129
https://notcve.org/view.php?id=CVE-2012-6129
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets." Desbordamiento de búfer basado en pila en utp.cpp en libutp, tal como se utiliza en la transmisión antes de v2.74 y posiblemente otros productos, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de "paquetes de protocolo micro de transporte" elaborados para este proposito. • http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html http://www.openwall.com/lists/oss-security/2013/02/13/1 http://www.ubuntu.com/usn/USN-1747-1 https://bugzilla.redhat.com/show_bug.cgi?id=909934 https://trac.transmissionbt.com/changeset/13646 https://trac.transmissionbt.com/ticket/5002 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 9EXPL: 0CVE-2013-0765
https://notcve.org/view.php?id=CVE-2013-0765
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors. Mozilla Firefox antes de v19.0, Thunderbird antes v17.0.3 y SeaMonkey antes de v2.16 no impiden envoltorios múltiples de objetos WebIDL, que permite ataques remotos que evitan las restricciones de acceso destinados a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html http://www.mozilla.org/security/announce/2013/mfsa2013-23.html http://www.ubuntu.com/usn/USN-1729-1 http://www.ubuntu.com/usn/USN-1729-2 https://bugzilla.mozilla.org/show_bug.cgi?id=830614 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17097 •
CVSS: 9.3EPSS: 1%CPEs: 13EXPL: 0CVE-2013-0773
https://notcve.org/view.php?id=CVE-2013-0773
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. Las implementaciones de Chrome Object Wrapper (COW) y System Only Wrapper (SOW) en Mozilla Firefox anteriores a v19.0, Firefox ESR v17.x y anteriores a v17.0.3, Thunderbird anteriores a v17.0.3, Thunderbird ESR v17.x y anteriores a v17.0.3, y SeaMonkey anteriores a v2.16 no previenen de modificaciones en un prototipo, lo que permite a atacantes remotos la obtención de informacion sensible en los objetos chrome o la posibilidad de ejecutar código JavaScript arbitrario con privilegios chorme mediante un sitio web modificado. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html http://www.debian.org/security/2013/dsa-2699 http://www.mozilla.org/security/announce/2013/mfsa2013-24.html http://www.ubuntu.com/usn/USN-1729-1 http://www.ubuntu.com/usn/USN-1729-2 http://www.ubuntu.com/usn/USN-1748-1 https://bugzilla.mozilla.org/show_bug.cgi?id=809652 https://oval.cisecurity.org/repository/search/definition/ov •