
CVSS: 6.1 | EPSS: 0% | CPEs: 4 | EXPL: 1

Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.

• References:
  http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html
  http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html
  http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html
  http://openwall.com/lists/oss-security/2015/03/30/5
  http://openwall.com/lists/oss-security/2015/03/31/1
  http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=7
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 2% | CPEs: 11 | EXPL: 0

With pipelining enabled, each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem.)

• References:
  http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
  http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
  https://kb.isc.org/docs/cve-2019-6477
  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3DEMNZMKR57VQJCG5ZN55ZGTQRL2TFQ
  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGURMGQHX45KR4QDRCSUQHODUFOGNGAN
  https://support.f5.com/csp/article/K15840535?utm_source=f5support&amp%3Butm_medium=RSS
  http
• CWE-400: Uncontrolled Resource Consumption

CVSS: 5.5 | EPSS: 0% | CPEs: 7 | EXPL: 0

tuned 2.10.0 creates its PID file with insecure permissions, which allows local users to kill arbitrary processes.

• References:
  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136
  https://security-tracker.debian.org/tracker/CVE-2012-6136
• CWE-276: Incorrect Default Permissions

CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

The foomatic-rip filter v4.0.12 and prior insecurely created temporary files for storing PostScript data when rendering the data with debug mode enabled. This flaw may be exploited by a local attacker to conduct symlink attacks, overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

• References:
  https://access.redhat.com/security/cve/cve-2011-2924
  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2924
  https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.12-1
  https://lwn.net/Articles/459979
  https://security-tracker.debian.org/tracker/CVE-2011-2924
  https://www.openwall.com/lists/oss-security/2014/02/08/5/1
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 8.1 | EPSS: 1% | CPEs: 6 | EXPL: 0

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.

• References:
  https://github.com/symfony/symfony/releases/tag/v4.3.8
  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
  https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
  https://symfony.com/blog/
• CWE-203: Observable Discrepancy