CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1000037
https://notcve.org/view.php?id=CVE-2016-1000037
Pagure: XSS possible in file attachment endpoint Pagure: posible vulnerabilidad de tipo XSS en el endpoint de archivo adjunto • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000037 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7EHB2WQ46M737B2STHQTOPTBSSQJDSS https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000037.json https://security-tracker.debian.org/tracker/CVE-2016-1000037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14824 – 389-ds-base: Read permission check bypass via the deref plugin
https://notcve.org/view.php?id=CVE-2019-14824
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. Se detectó un fallo en el plugin "deref" de 389-ds-base, donde podría usar el permiso "search" para mostrar los valores de los atributos. En algunas configuraciones, esto podría permitir a un atacante autenticado visualizar atributos privados, tales como hashes de contraseñas. • https://access.redhat.com/errata/RHSA-2019:3981 https://access.redhat.com/errata/RHSA-2020:0464 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824 https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html https://access.redhat.com/security/cve/CVE-2019-14824 https://bugzilla.redhat.com/show_bug.cgi?id=1747448 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8181
https://notcve.org/view.php?id=CVE-2014-8181
The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace. El kernel en Red Hat Enterprise Linux versiones 7 y MRG-2, no borra los datos basura para el búfer de SG_IO, lo que puede filtrar información confidencial en el espacio del usuario. • https://bugzilla.redhat.com/show_bug.cgi?id=1335817 • CWE-665: Improper Initialization •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 2CVE-2016-4983
https://notcve.org/view.php?id=CVE-2016-4983
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. Un script postinstall en el dovecot rpm, permite a usuarios locales leer el contenido de los archivos de clave SSL/TLS recientemente creados. • http://lists.opensuse.org/opensuse-updates/2016-11/msg00096.html https://bugzilla.redhat.com/show_bug.cgi?id=1346055 https://bugzilla.suse.com/show_bug.cgi?id=984639 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2013-5661
https://notcve.org/view.php?id=CVE-2013-5661
Cache Poisoning issue exists in DNS Response Rate Limiting. Existe Un problema de envenenamiento de caché en el DNS Response Rate Limiting. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661 https://security-tracker.debian.org/tracker/CVE-2013-5661 • CWE-290: Authentication Bypass by Spoofing •