CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4235
https://notcve.org/view.php?id=CVE-2013-4235
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees shadow: condición de carrera TOCTOU (de tiempo de comprobación y tiempo de uso) cuando se copia y elimina árboles de directorio. • https://access.redhat.com/security/cve/cve-2013-4235 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://security-tracker.debian.org/tracker/CVE-2013-4235 https://security.gentoo.org/glsa/202210-26 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0CVE-2019-18660 – kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure
https://notcve.org/view.php?id=CVE-2019-18660
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. El kernel de Linux anterior a la versión 5.4.1 en powerpc permite la exposición de información porque la mitigación Spectre-RSB no está implementada para todas las CPU aplicables, también conocido como CID-39e72bf96f58. Esto está relacionado con arch / powerpc / kernel / entry_64.S y arch / powerpc / kernel / security.c. A flaw was found in the way the Linux kernel implemented a software flush of the Count Cache (indirect branch cache) and Link (Return Address) Stack on the PowerPC platform. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/11/27/1 https://access.redhat.com/errata/RHSA-2020:0174 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad https://lists.fedoraproject.org& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2011-2515
https://notcve.org/view.php?id=CVE-2011-2515
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code. PackageKit versión 0.6.17, permite la instalación de paquetes RPM sin firmar como si estuvieran firmados, lo que puede permitir la instalación de paquetes no seguros y la ejecución de código arbitrario. • https://access.redhat.com/security/cve/cve-2011-2515 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515 https://security-tracker.debian.org/tracker/CVE-2011-2515 https://www.securityfocus.com/bid/48557/info • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 1%CPEs: 3EXPL: 1CVE-2011-2207
https://notcve.org/view.php?id=CVE-2011-2207
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. dirmngr versiones anteriores a la versión 2.1.0, maneja inapropiadamente determinadas llamadas del sistema, lo que permite a atacantes remotos causar una denegación de servicio (DOS) por medio de un certificado especialmente diseñado. • https://access.redhat.com/security/cve/cve-2011-2207 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627377 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2207 https://security-tracker.debian.org/tracker/CVE-2011-2207 https://www.openwall.com/lists/oss-security/2011/06/15/6 • CWE-295: Improper Certificate Validation •
CVSS: 2.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4980
https://notcve.org/view.php?id=CVE-2016-4980
A password generation weakness exists in xquest through 2016-06-13. Existe una debilidad de generación de contraseña en xquest hasta 13-06-2016. • https://access.redhat.com/security/cve/cve-2016-4980 https://bugzilla.redhat.com/show_bug.cgi?id=1346016 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4980 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVW2QJFNZUZYBN4M4YUE7S2NZBWWMGES • CWE-330: Use of Insufficiently Random Values •