CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4245
https://notcve.org/view.php?id=CVE-2013-4245
Orca has arbitrary code execution due to insecure Python module load Orca presenta una ejecución de código arbitrario debido a una carga no segura del módulo Python. • https://access.redhat.com/security/cve/cve-2013-4245 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4245 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4245 https://security-tracker.debian.org/tracker/CVE-2013-4245 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4158
https://notcve.org/view.php?id=CVE-2013-4158
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) smokeping versiones anteriores a 2.6.9, presenta una vulnerabilidad de tipo XSS (corrección incompleta para el CVE-2012-0790) • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113987.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114008.html http://www.openwall.com/lists/oss-security/2013/07/20/2 http://www.securityfocus.com/bid/61371 https://access.redhat.com/security/cve/cve-2013-4158 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4158 https://exchange.xforce.ibmcloud.com/vulnerabilities/85887 https://security-tracker.debian.org/tracker/CVE-2013-4158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2019-18345 – DAViCal CalDAV Server 1.1.8 Reflective Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-18345
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application. Se detectó un problema de tipo XSS reflejado en DAViCal versiones hasta 1.1.8. • http://packetstormsecurity.com/files/155630/DAViCal-CalDAV-Server-1.1.8-Reflective-Cross-Site-Scripting.html https://gitlab.com/davical-project/davical/blob/master/ChangeLog https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability https://lists.debian.org/debian-lts-announce/2019/12/msg00016.html https://seclists.org/bugtraq/2019/Dec/30 https://wiki.davical.org/index.php/Main_Page https://www.davical.org https://www.debian.org/security/2019/dsa-4582 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2012-1577
https://notcve.org/view.php?id=CVE-2012-1577
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. El archivo lib/libc/stdlib/random.c en OpenBSD devuelve 0 cuando es sembrado con 0. • http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/random.c#rev1.16 http://www.openwall.com/lists/oss-security/2012/03/23/14 https://github.com/ensc/dietlibc/blob/master/CHANGES https://security-tracker.debian.org/tracker/CVE-2012-1577 • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2016-1000108
https://notcve.org/view.php?id=CVE-2016-1000108
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. yaws versiones anteriores a la versión 2.0.4, no intenta abordar los conflictos de espacio de nombres de RFC sección 3875 versión 4.1.18 y, por lo tanto, no protege las aplicaciones CGI de la presencia de datos de clientes no seguros en la variable de entorno HTTP_PROXY, lo que podría permitir a atacantes remotos redireccionar el tráfico HTTP saliente de la aplicación CGI hacia un servidor proxy arbitrario por medio de un encabezado Proxy especialmente diseñado en una petición HTTP, también se conoce como un problema "httpoxy". • http://www.openwall.com/lists/oss-security/2016/07/18/6 https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1 https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000108.json https://security-tracker.debian.org/tracker/CVE-2016-1000108 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •