CVSS: 9.8EPSS: 8%CPEs: 11EXPL: 0CVE-2013-4365 – Gentoo Linux Security Advisory 201402-09
https://notcve.org/view.php?id=CVE-2013-4365
11 Oct 2013 — Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. Vulnerabilidad de desbordamiento de buffer (heap) en la función fcgid_header_bucket_read de fcgd_bucket.c en el modulo mod_fcgid anterior a 2.3.9 para Apache HTTP Server permite a atacantes remotos tener unimpacto no especificado a través de vectores desconocidos. Robert Matthews discov... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 18%CPEs: 61EXPL: 0CVE-2013-4243 – (gif2tiff): possible heap-based buffer overflow in readgifimage()
https://notcve.org/view.php?id=CVE-2013-4243
10 Sep 2013 — Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. Desbordamiento de buffer de memoria dinámica en la función readgifimage de la herramienta gif2tiff en libtiff 4.0.3 y anteriores permite a un atacante remoto causar una denegación de servicio (cuelgue) y posiblemente ejecutar código a discrección a través... • http://bugzilla.maptools.org/show_bug.cgi?id=2451 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 3%CPEs: 12EXPL: 2CVE-2013-4234 – Debian Security Advisory 2751-1
https://notcve.org/view.php?id=CVE-2013-4234
05 Sep 2013 — Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC. Múltiples desbordamientos de búfer basados en memoria dinámica en las funciones abc_MIDI_drum y abc_MIDI_gchord en libmodplug 0.8.8.4 y anteriores permite a atacantes remotos provocar una denegación de servicio (corrupción de mem... • http://blog.scrt.ch/2013/07/24/vlc-abc-parsing-seems-to-be-a-ctf-challenge • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 3%CPEs: 12EXPL: 2CVE-2013-4233 – Debian Security Advisory 2751-1
https://notcve.org/view.php?id=CVE-2013-4233
05 Sep 2013 — Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función abc_set_parts de load_abc.cpp en libmodplug 0.8.8.4 y anteriores permite a un atacante remoto causar una denegación de servicio y posiblemente ejecutar código a discrección a través de la cabecera P en u... • http://blog.scrt.ch/2013/07/24/vlc-abc-parsing-seems-to-be-a-ctf-challenge • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2013-4232 – (tiff2pdf): use-after-free in t2p_readwrite_pdf_image()
https://notcve.org/view.php?id=CVE-2013-4232
23 Aug 2013 — Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. Una vulnerabilidad de uso de la memoria previamente liberada en la función t2p_readwrite_pdf_image en el archivo tools/tiff2pdf.c en libtiff versión 4.0.3, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) o posiblemente ejecutar código arbitra... • http://bugzilla.maptools.org/show_bug.cgi?id=2449 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 57EXPL: 0CVE-2013-4852 – PuTTY 0.62 Heap Overflow
https://notcve.org/view.php?id=CVE-2013-4852
06 Aug 2013 — Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow. Desbordamiento de entero en PuTTY 0.62 y anteriores, WinSCP anterior a 5.1.6, y otros productos que usan PuTTY, permite a servidores SSH remotos provocar ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 96EXPL: 0CVE-2013-4242 – GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
https://notcve.org/view.php?id=CVE-2013-4242
29 Jul 2013 — GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. GnuPG anterior a 1.4.14, y Libgcrypt anterior a 1.5.3 usado en GnuPG 2.0.x y posiblemente otros productos, permite a usuarios locales obtener las claves RSA privadas a través de un ataque "side-channel" que involucra la caché L3. Aka Flush+Reload. The GNU Privacy Guard is a tool for encrypti... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 10%CPEs: 4EXPL: 0CVE-2013-2070 – Gentoo Linux Security Advisory 201310-04
https://notcve.org/view.php?id=CVE-2013-2070
08 Jul 2013 — http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. http/modules/ngx_http_proxy_module.c en nginx v1.1.4 hasta v1.2.8 y v1.3.0 hasta v1.4.0, cuando proxy_pass es utilizado con servidores HTTP de no confianza, permite a atacante... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html •
CVSS: 8.1EPSS: 0%CPEs: 24EXPL: 0CVE-2013-2064 – libxcb: Integer overflow leading to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2013-2064
23 May 2013 — Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. Desbordamiento de entero en X.org libxcb v1.9 y anteriores permite a los servidores X activar la asignación de memoria insuficiente y provocar un desbordamiento de búfer a través de vectores relacionados con la función read_packet. The X11 libraries provide library routines that are used within all X Window applications. Multipl... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 23%CPEs: 23EXPL: 0CVE-2002-2443 – krb5: UDP ping-pong flaw in kpasswd
https://notcve.org/view.php?id=CVE-2002-2443
21 May 2013 — schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. schpw.c en el servicio kpasswd en kadmind en MIT Kerberos 5 (conocido como krb5) anterior a v1.11.3 no valida correctamente los paquetes UDP an... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637 • CWE-20: Improper Input Validation •