CVSS: 5.0EPSS: 46%CPEs: 76EXPL: 1CVE-2013-5704 – httpd: bypass of mod_headers rules via chunked requests
https://notcve.org/view.php?id=CVE-2013-5704
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." El módulo mod_headers en el servidor de Apache HTTP 2.2.22 permite a atacantes remotos evadir directivas "RequestHeader unset" mediante la colocación de una cabera en la porción "trailer" de datos enviados con codificación de transferencia fragmentada. NOTA: el proveedor afirma que "esto no es un problema de seguridad en httpd como tal." A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2 http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=144493176821532&w=2 http://martin.swende.se/blog/HTTPChunked.html http://rhn.redhat.com/errata/RHSA-2015-0325.html http://rhn.redhat.com/errata/RHSA-2015-1249.html http://rhn.redhat& • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 91%CPEs: 35EXPL: 0CVE-2014-0101 – kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
https://notcve.org/view.php?id=CVE-2014-0101
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. La función sctp_sf_do_5_1D_ce en net/sctp/sm_statefuns.c en el kernel de Linux hasta la versión 3.13.6 no valida ciertos campos auth_enable y auth_capable antes de hacer una llamada sctp_sf_authenticate, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) a través de un SCTP handshake con un fragmento INIT modificado y un fragmento AUTH manipulado anterior a un fragmento COOKIE_ECHO. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729 http://rhn.redhat.com/errata/RHSA-2014-0328.html http://rhn.redhat.com/errata/RHSA-2014-0419.html http://rhn.redhat.com/errata/RHSA-2014-0432.html http://secunia.com/advisories/59216 http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15317.html http://www.openwall.com/lists/oss-security/2014/03/04/6 http://www.securityfocus.com/bid/65943 h • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1943 – kernel: kvm: missing check in kvm_set_memory_region()
https://notcve.org/view.php?id=CVE-2013-1943
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. El subsistema KVM en el kernel de Linux anterior a v3.0 no comprueba si las direcciones del núcleo se especifican durante la asignación de slots de memoria para su uso en el espacio de direcciones físicas huesped, permitiendo a usuarios locales conseguir privilegios u obtener información confidencial de la memoria del núcleo a través de una aplicación especialmente diseñada, relacionada con arch/x86/kvm/paging_tmpl.h y virt/kvm/kvm_main.c. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fa3d315a4ce2c0891cdde262562e710d95fba19e http://web.archive.org/web/20130329070349/http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0 http://www.ubuntu.com/usn/USN-1939-1 https://bugzilla.redhat.com/show_bug.cgi?id=950490 https://github.com/torvalds/linux/commit/fa3d315a4ce2c0891cdde262562e710d95fba19e https://access.redhat.com/security/cve/CVE-2013-1943 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 1%CPEs: 18EXPL: 0CVE-2013-0772 – Mozilla: Out-of-bounds read in image rendering (MFSA 2013-22)
https://notcve.org/view.php?id=CVE-2013-0772
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image. La función RasterImage::DrawFrameTo function en Mozilla Firefox anterior a v19.0, Thunderbird anterior a v17.0.3, y SeaMonkey anterior a v2.16, permite a atacantes remotos obtener información sensible de los procesos de memoria o provocar una denegación de servicio (lectura de memoria fuera de rango o caída de aplicación) a través de una imagen GIF manipulada. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html http://rhn.redhat.com/errata/RHSA-2013-1812.html http://www.mozilla.org/security/announce/2013/mfsa2013-22.html http://www.ubuntu.com/usn/USN-1729-1 http://www.ubuntu.com/usn/USN-1729-2 https://bugzilla.mozilla.org/show_bug.cgi?id=801366 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17159 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 1%CPEs: 22EXPL: 0CVE-2013-0775 – Mozilla: Use-after-free in nsImageLoadingContent (MFSA 2013-26)
https://notcve.org/view.php?id=CVE-2013-0775
Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. Vulnerabilidad de uso de memoria después de libreación en la función nsImageLoadingContent::OnStopContainer en Mozilla Firefox anterior a v19.0, Firefox ESR v17.x anterior a v17.0.3, Thunderbird anterior a v17.0.3, Thunderbird ESR v17.x anterior a v17.0.3, y SeaMonkey anterior a v2.16, permite a atacantes remotos ejecutar código de su elección a través de una secuencia de comandos web manipulada. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00062.html http://rhn.redhat.com/errata/RHSA-2013-0271.html http://rhn.redhat.com/errata/RHSA-2013-0272.html http://www.debian.org/security/2013/dsa-2699 http://www.mozilla.org/security/announce/2013/mfsa2013-26.html http://www.ubuntu.com/usn/USN-1729-1 http://www.ubuntu.com/usn/USN-1729-2 http://www.ubuntu.com/usn/USN-1748-1 https& • CWE-416: Use After Free •