CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 0CVE-2013-1913 – gimp: xwd plugin g_new() integer overflow
https://notcve.org/view.php?id=CVE-2013-1913
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump. Desbordamiento de enteros en la función load_image en file-xwd.c del plugin X Window Dump (XWD) de GIMP 2.6.9 y anteriores versiones, cuando se usa en glib anterior a la versión 2.24, permite a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de valores de grandes entradas de color en un volcado de imagen X Window System (XWD). • http://rhn.redhat.com/errata/RHSA-2013-1778.html http://www.debian.org/security/2013/dsa-2813 http://www.securityfocus.com/bid/64105 http://www.ubuntu.com/usn/USN-2051-1 https://bugzilla.redhat.com/show_bug.cgi?id=947868 https://security.gentoo.org/glsa/201603-01 https://access.redhat.com/security/cve/CVE-2013-1913 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.0EPSS: 0%CPEs: 10EXPL: 0CVE-2013-4566 – mod_nss: incorrect handling of NSSVerifyClient in directory context
https://notcve.org/view.php?id=CVE-2013-4566
mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions. mod_nss 1.0.8 y anteriores versiones, cuando se establece NSSVerifyClient en none para el contexto del server/vhost, no aplica la opción de NSSVerifyClient en el contexto de directorio, lo que permite a atacantes remotos evadir restricciones de acceso intencionadas. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00118.html http://rhn.redhat.com/errata/RHSA-2013-1779.html https://bugzilla.redhat.com/show_bug.cgi?id=1016832 https://access.redhat.com/security/cve/CVE-2013-4566 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 8%CPEs: 4EXPL: 1CVE-2013-4282 – spice: stack buffer overflow in reds_handle_ticket() function
https://notcve.org/view.php?id=CVE-2013-4282
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. Desbordamiento de búfer de pila en la función reds_handle_ticket en server/reds.c en SPICE 0.12.0 que permite a atacantes remotos provocar una denegación de servicio (caída) a través de una contraseña larga en un ticket de SPICE. • http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-1460.html http://rhn.redhat.com/errata/RHSA-2013-1473.html http://rhn.redhat.com/errata/RHSA-2013-1474.html http://www.debian.org/security/2014/dsa-2839 http://www.securityfocus.com/bid/63408 http://www.ubuntu.com/usn/USN-2027-1 https://access.redhat.com/security/cve/CVE-2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 1%CPEs: 249EXPL: 0CVE-2013-5843 – JDK: unspecified vulnerability fixed in 7u45 (2D)
https://notcve.org/view.php?id=CVE-2013-5843
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE v7u40 y anteriores, Java SE v6u60 y anteriores, Java SE v5.0u51 y anteriores, JavaFX v2.2.40 y anteriores, y Java SE Embedded v7u40 y anteriores permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html http://marc.info/?l=bugtraq&m=138674031212883&w=2 http://marc.info/?l=bugtraq&m=138674073720143&w=2 http://rhn.redhat.com/errata/RHSA-2013-1440.html http://rhn.redhat.com/errata/RHSA-2013-1507.html http://rhn.redhat.com/errata/RHSA-2013-1508.html http://rhn.redhat.com/errata/RHSA-2013-1509.html http://rhn.redhat.com&#x •
CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2013-5807 – mysql: unspecified flaw related to Replication (CPU October 2013)
https://notcve.org/view.php?id=CVE-2013-5807
Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.x hasta 5.5.32 y 5.6.x hasta 5.6.x hasta 5.6.12 permite a usuarios remotos autenticados afectar la confidencialidad e integridad a través de vectores desconocidos relacionados con Replication. • http://rhn.redhat.com/errata/RHSA-2014-0173.html http://rhn.redhat.com/errata/RHSA-2014-0186.html http://rhn.redhat.com/errata/RHSA-2014-0189.html http://security.gentoo.org/glsa/glsa-201409-04.xml http://www.debian.org/security/2013/dsa-2818 http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/63105 http://www.securitytracker.com/id/1029184 http://www.ubuntu.com/usn/USN-2006-1 https://access.redhat.com/secur •