CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-1888 – Gentoo Linux Security Advisory 201309-05
https://notcve.org/view.php?id=CVE-2013-1888
16 Aug 2013 — pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. pip anterior a v1.3 permite a los usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico de un archivo en el directorio temporal /tmp/pip-build. Multiple vulnerabilities have been found in pip, which may allow remote attackers to execute arbitrary code or local attackers to conduct symlink attacks. Versions less than 1.3.1 are affected... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105952.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 96%CPEs: 177EXPL: 4CVE-2013-4124 – Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow
https://notcve.org/view.php?id=CVE-2013-4124
05 Aug 2013 — Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Desbordamiento de entero en la función read_nttrans_ea_list en nttrans.c en smbd en Samba v3.x anterior a v3.5.22, v3.6.x anterior a v3.6.17, y v4.x anterior a v4.0.8 permite a atacantes remotos causar una denegación de servicio (por excesivo consumo de memoria) a trav... • https://packetstorm.news/files/id/180540 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 94%CPEs: 109EXPL: 0CVE-2013-4854 – ISC BIND rdata Denial Of Service Vulnerability
https://notcve.org/view.php?id=CVE-2013-4854
26 Jul 2013 — The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. La implementación RFC en rdata.c en ISC BIND 9.7.x y 9.8.x anterior a 9.8.5-P2, ... • http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html •
CVSS: 7.5EPSS: 78%CPEs: 23EXPL: 0CVE-2002-2443 – krb5: UDP ping-pong flaw in kpasswd
https://notcve.org/view.php?id=CVE-2002-2443
21 May 2013 — schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. schpw.c en el servicio kpasswd en kadmind en MIT Kerberos 5 (conocido como krb5) anterior a v1.11.3 no valida correctamente los paquetes UDP an... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2013-1915
https://notcve.org/view.php?id=CVE-2013-1915
25 Apr 2013 — ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. ModSecurity antes de v2.7.3 permite a atacantes remotos leer archivos arbitrarios, enviar peticiones HTTP a los servidores de la intranet, o causar una denegación de servicio (consumo de CPU y memoria) a través d... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101898.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 94%CPEs: 12EXPL: 0CVE-2013-1416 – krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests
https://notcve.org/view.php?id=CVE-2013-1416
19 Apr 2013 — The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. La función prep_reprocess_req en do_tgs_req.c en el Key Distribution Center (KDC) en MIT Kerberos 5 (aka krb5) antes de v1.10.5 no realiza correctamente el servicio ámbito de refer... • http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 103EXPL: 0CVE-2013-1830
https://notcve.org/view.php?id=CVE-2013-1830
25 Mar 2013 — user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search. user/view.php en Moodle hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a 2.4.2 no aplica el ajuste forceloginforprofiles, que permite a atacantes remotos obtener información de... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37481 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 8%CPEs: 8EXPL: 1CVE-2012-3363 – Zend Framework < 2.0.0 beta4 < 1.12 RC1 < 1.11.11 - Local File Disclosure
https://notcve.org/view.php?id=CVE-2012-3363
13 Feb 2013 — Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack. Zend_XmlRpc 1.x de Zend Framework antes de v1.11.12 y antes v1.12.0 1.12.x,94 no controla correctamente las clases SimpleXMLElement, lo que permite a atacantes remotos leer archiv... • https://www.exploit-db.com/exploits/19408 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 1%CPEs: 24EXPL: 0CVE-2012-6075 – qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled
https://notcve.org/view.php?id=CVE-2012-6075
13 Feb 2013 — Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. Desbordamiento de buffer en la función e1000_receive del controlador de dispositivo e1000 (hw/e1000.c) en QEMU v1.3.0-rc2 y otras versiones, cuando las banderas de PAS y LPE están deshabilitadas, permiten ataques re... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 0CVE-2013-0170 – libvirt: use-after-free in virNetMessageFree()
https://notcve.org/view.php?id=CVE-2013-0170
08 Feb 2013 — Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. Vulnerabilidad de uso después de liberación en la función virNetMessageFree en rpc/l... • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720 • CWE-416: Use After Free •