CVSS: 6.8EPSS: 1%CPEs: 17EXPL: 0CVE-2012-0248 – ImageMagick: invalid validation of images denial of service
https://notcve.org/view.php?id=CVE-2012-0248
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. ImageMagick v6.7.5-7 y anteriores permite a atacantes remotos causar una denegación de servicio (bucle infinito y bloqueo) a través de una imagen hecha a mano, cuya IFD contiene etiquetas IOP que referencian al principio del IDF. • http://rhn.redhat.com/errata/RHSA-2012-0544.html http://rhn.redhat.com/errata/RHSA-2012-0545.html http://secunia.com/advisories/47926 http://secunia.com/advisories/48247 http://secunia.com/advisories/48259 http://secunia.com/advisories/49043 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://ubuntu.com/usn/usn-1435-1 http://www.cert.fi/en/reports/2012/vulnerability595210.html http://www.debian.org/security/2012/dsa-2427 http://www& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0CVE-2012-0867 – postgresql: MITM due improper x509_v3 CN validation during certificate verification
https://notcve.org/view.php?id=CVE-2012-0867
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. PostgreSQL v8.4.x antes de v8.4.11, v9.0.x antes de v9.0.7, y v9.1.x antes de v9.1.3 trunca el nombre común a sólo 32 caracteres en la verificación de los certificados SSL, lo que permite a atacantes remotos falsificar conexiones cuando el nombre de host es exactamente de 32 caracteres. • http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html http://rhn.redhat.com/errata/RHSA-2012-0678.html http://secunia.com/advisories/49273 http://www.debian.org/security/2012/dsa-2418 http://www.mandriva.com/security/advisories?name=MDVSA-2012:026 http://www.postgresql.org/about/news/1377 http://www.postgresql.org/docs/8.4/static/release-8-4-11.html http://www.postgresql.org/docs/9.0/static/release-9-0-7.html http://www.postgresql.org/docs/9.1&#x • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •