CVSS: 4.0EPSS: 0%CPEs: 11EXPL: 0CVE-2013-4969 – Mandriva Linux Security Advisory 2014-040
https://notcve.org/view.php?id=CVE-2013-4969
03 Jan 2014 — Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. Puppet anteriores a 3.3.3. y 3.4 anteriores a 3.4.1 y Puppet Enterprise (PE) anteriores a 2.8.4 y 3.1 anteriores a 3.1.1 permite a usuarios locales sobreescribir ficheros arbitrarios a través de un ataque de enlaces simbólicos en ficheros no especificados. Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise... • http://puppetlabs.com/security/cve/cve-2013-4969 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 13%CPEs: 5EXPL: 1CVE-2013-6890 – DenyHosts - 'regex.py' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2013-6890
23 Dec 2013 — denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. denyhosts v2.6 utiliza una expresión regular incorrecta al analizar los registros de autenticación, , lo cual permite a atacantes remotos causar una denegación de servicio (secuencia incorrecta de direcciones IP) a través de nombres de inicio de sesión manipulados. Helmut Grohne discovered that denyhosts, ... • https://www.exploit-db.com/exploits/38909 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 6%CPEs: 9EXPL: 0CVE-2013-6424 – xorg-x11-server: integer underflow when handling trapezoids
https://notcve.org/view.php?id=CVE-2013-6424
19 Dec 2013 — Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Underflow de entero en la macro xTrapezoidValid en render/picture.h de X.Org permite a atacantes dependientes de contexto causar una denegación de servicio (crash) a través de un valor mínimo negativo . X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graph... • http://lists.opensuse.org/opensuse-updates/2013-12/msg00127.html • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 3%CPEs: 20EXPL: 0CVE-2013-6425 – pixman: integer underflow when handling trapezoids
https://notcve.org/view.php?id=CVE-2013-6425
19 Dec 2013 — Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Desbordamiento de entero en la macro pixman_trapezoid_valid en pixman.h de Pixman anteriores a 0.32.0, utilizado en el servidor X.Org y cairo, permite a atacantes dependientes de contexto causar una denegación de servicio (crash) a través de un valor mínimo negativo. Pixman is a pixel... • http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 0CVE-2013-6410 – Ubuntu Security Notice USN-2676-1
https://notcve.org/view.php?id=CVE-2013-6410
07 Dec 2013 — nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file. nbd-server en Network Block Device (nbd) anteriores a 3.5 no comprueba correctamente direcciones IP, lo cual podría permitir a atacantes remotos sortear restricciones de acceso intencionadas a través de una dirección IP con una coincidencia parcial en el fichero de con... • http://sourceforge.net/mailarchive/forum.php?thread_name=529BAA58.2080401%40uter.be&forum_name=nbd-general • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 31%CPEs: 15EXPL: 0CVE-2013-6712 – php: heap-based buffer over-read in DateInterval
https://notcve.org/view.php?id=CVE-2013-6712
28 Nov 2013 — The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. La función de análisis en ext/date/lib/parse_iso_intervals.c de PHP hasta la versión 5.5.6 no restringe adecuadamente la creación de objetos DateInterval, lo que podría permitir a atacantes remotos provocar una denegación de servicio (desbord... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=12fe4e90be7bfa2a763197079f68f5568a14e071 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 7%CPEs: 10EXPL: 0CVE-2013-4475 – samba: no access check verification on stream files
https://notcve.org/view.php?id=CVE-2013-4475
13 Nov 2013 — Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS). Samba 3.x anteriores a 3.6.20, 4.0.x anteriores a 4.0.11, y 4.1.x anteriores a 4.1.1, cuando vfs_streams_depot o vfs_streams_xattr está activo, permite a atacantes remotos sortear restricciones de fichero aprovechando... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 10%CPEs: 7EXPL: 0CVE-2013-4559 – Mandriva Linux Security Advisory 2013-277
https://notcve.org/view.php?id=CVE-2013-4559
13 Nov 2013 — lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. lighttpd anterior a la versión 1.4.33 no comprueba el valor de vuelta de (1) setuid, (2) setgid, o (3) setgroups, lo que podría causar que lighttpd se ejecute bajo adm... • http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 13%CPEs: 7EXPL: 0CVE-2013-4560 – Mandriva Linux Security Advisory 2013-277
https://notcve.org/view.php?id=CVE-2013-4560
13 Nov 2013 — Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. Vulnerabilidad de uso después de liberación en lighttpd anterior a la versión 1.4.33 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación y caída) a través de vectores que desencadenen fallos FAMMonitorDirectory. lighttpd before 1.4.34, when SNI is enabled, configures wea... • http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt • CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 1CVE-2013-4508 – Mandriva Linux Security Advisory 2013-277
https://notcve.org/view.php?id=CVE-2013-4508
08 Nov 2013 — lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. lighttpd anteriores a 1.4.34, cuando SNI esta habilitado, configura cifrados SSL débiles, lo que hace más fácil para un atacante remoto secuestrar sesiones insertando paquetes en el flujo de datos cliente-servidor u obtener información sensible capturando la red.... • http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt • CWE-326: Inadequate Encryption Strength •