CVSS: 9.8 • EPSS: 0% • CPEs: 15 • EXPL: 0

16 Oct 2013 — Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. MySQL is a... • http://rhn.redhat.com/errata/RHSA-2014-0173.html

CVSS: 9.8 • EPSS: 6% • CPEs: 11 • EXPL: 0

11 Oct 2013 — Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. Robert Matthews discov... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html • CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 18% • CPEs: 61 • EXPL: 0

10 Sep 2013 — Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted height and width values in a GIF image. • http://bugzilla.maptools.org/show_bug.cgi?id=2451 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVSS: 7.8 • EPSS: 2% • CPEs: 12 • EXPL: 2

05 Sep 2013 — Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow. • http://blog.scrt.ch/2013/07/24/vlc-abc-parsing-seems-to-be-a-ctf-challenge • CWE-189: Numeric Errors

CVSS: 8.8 • EPSS: 3% • CPEs: 12 • EXPL: 2

05 Sep 2013 — Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC. • http://blog.scrt.ch/2013/07/24/vlc-abc-parsing-seems-to-be-a-ctf-challenge • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 1% • CPEs: 3 • EXPL: 0

23 Aug 2013 — Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. • http://bugzilla.maptools.org/show_bug.cgi?id=2449 • CWE-399: Resource Management Errors • CWE-416: Use After Free

CVSS: 9.8 • EPSS: 1% • CPEs: 57 • EXPL: 0

06 Aug 2013 — Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779 • CWE-189: Numeric Errors

CVSS: 10.0 • EPSS: 0% • CPEs: 96 • EXPL: 0

29 Jul 2013 — GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. The GNU Privacy Guard is a tool for encrypti... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 • EPSS: 1% • CPEs: 135 • EXPL: 1

16 Jul 2013 — libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the res... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 8% • CPEs: 4 • EXPL: 0

08 Jul 2013 — http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html