CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-2029 – core: Insecure temporary file usage in nagios.upgrade_to_v3.sh
https://notcve.org/view.php?id=CVE-2013-2029
18 Nov 2013 — nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/. nagios.upgrade_to_v3.sh, tal y como se distribuye por Red Hat y posiblemente otros Nagios Core 3.4.4, 3.5.1, y anteriores versiones, permite a usuarios locales sobreescribir archivos arbitrarios a través de un ataque symlink en un archivo nagioscfg temporal, con un... • http://rhn.redhat.com/errata/RHSA-2013-1526.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4214 – core: html/rss-newsfeed.php insecure temporary file usage
https://notcve.org/view.php?id=CVE-2013-4214
18 Nov 2013 — rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. rss-newsfeed.php en Nagios Core 3.4.4, 3.5.1, y anteriores versiones, cuando se establece MAGPIE_CACHE_ON en 1, permite a usuarios locales sobreescribir archivos arbitrarios a través de un ataque symlink en /tmp/magpie_cache. Nagios is a program that can monitor hosts and services on your network. It can send email or page ale... • http://rhn.redhat.com/errata/RHSA-2013-1526.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4386 – Foreman: host and host group parameter SQL injection
https://notcve.org/view.php?id=CVE-2013-4386
14 Nov 2013 — Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter. Múltiples vulnerabilidades de inyección SQL en app/models/concerns/host_common.rb de Foreman anterior a la versión 1.2.3 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de (1) fqdn o (2) parámetro hostgroup. The Foreman packages provide facilities for rapidly deploying Red Hat OpenStac... • http://projects.theforeman.org/issues/3160 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4222 – OpenStack: Keystone disabling a tenant does not disable a user token
https://notcve.org/view.php?id=CVE-2013-4222
30 Sep 2013 — OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 y anteriores, y Havana anterior havana-3 no revoca correctamente los tokens de usuario cuando un inquilino esta desactivado, lo que permite a los usuarios remotos autenticados conservan el acceso a través del token. The openst... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116489.html • CWE-522: Insufficiently Protected Credentials CWE-613: Insufficient Session Expiration •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4180 – Foreman: hosts_controller.rb power/ipmi_boot Symbol creation DoS
https://notcve.org/view.php?id=CVE-2013-4180
04 Sep 2013 — The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. Las acciones (1) power y (2) ipmi_boot en el HostController de Foreman anterior 1.2.2 permite a atacante remoto causar denegacion de servicio (consumo de memoria) a través de una entrda sin especificar que es convertida a un simbolo The Foreman packages provide facilities for rapidly deploying Red H... • http://projects.theforeman.org/issues/2860 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2013-4261 – OpenStack: openstack-nova-compute console-log DoS
https://notcve.org/view.php?id=CVE-2013-4261
04 Sep 2013 — OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. En OpenStack Compute (Nova) Folsom, Grizzly, y anteriores, cuando se utiliza Apache Qpid para el backend RPC, no maneja adecuadamente los errore... • http://rhn.redhat.com/errata/RHSA-2013-1199.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2013-4185 – OpenStack: Nova network source security groups denial of service
https://notcve.org/view.php?id=CVE-2013-4185
04 Sep 2013 — Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests. Vulnerabilidad de la complejidad algorítmica en OpenStack Compute (Nova) anteriores 03/01/2013 y Havana anterior a habana-3 no controla c... • http://rhn.redhat.com/errata/RHSA-2013-1199.html • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4182 – foreman: app/controllers/api/v1/hosts_controller.rb API privilege escalation
https://notcve.org/view.php?id=CVE-2013-4182
04 Sep 2013 — app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. app/controllers/api/v1/hosts_controller.rb en Foreman anteriores a v1.2.2 no restringe correctamente el acceso a hosts arbitrarios a través de una petición API. The Foreman packages provide facilities for rapidly deploying Red Hat OpenStack 3.0. These packages are provided as a Technology Preview. For more information on th... • http://projects.theforeman.org/issues/2863 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 1%CPEs: 72EXPL: 0CVE-2013-2882 – v8: remote DoS or unspecified other impact via type confusion
https://notcve.org/view.php?id=CVE-2013-2882
30 Jul 2013 — Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." Google V8, usado en Google Chrome anterior a 28.0.1500.95, permite a atacantes remotos provocar una denegación de servicio y causar otro tipo de impacto a través de vectores que aprovechan "la confusión de tipos". V8 is Google's open source JavaScript engine. A type confusion issue was found in the V8 JavaScript en... • http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-2167 – python-keystoneclient: middleware memcache encryption and signing bypass
https://notcve.org/view.php?id=CVE-2013-2167
27 Jun 2013 — python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass python-keystoneclient versiones 0.2.3 hasta la versión 0.2.5, tiene una omisión de firma de memcache de middleware. Python-keystoneclient is the client library and command line utility for interacting with the OpenStack identity API. A flaw was found in the way python-keystoneclient handled encrypted data from memcached. Even when the memcache_security_strategy setting in "/etc/swift/proxy-server.conf" was set to ENCRYPT to ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html • CWE-345: Insufficient Verification of Data Authenticity CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •