CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1400
https://notcve.org/view.php?id=CVE-2014-1400
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors. La API entity_access en el módulo Entity API, en versiones 7.x-1.x anteriores a la 7.x-1.3 para Drupal, podría permitir que usuarios autenticados remotos omitan las restricciones de acceso planeadas y lean comentarios no publicados mediante vectores sin especificar. • http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html http://www.openwall.com/lists/oss-security/2014/01/09/3 http://www.securityfocus.com/bid/64729 https://bugzilla.redhat.com/show_bug.cgi?id=1050802 https://exchange.xforce.ibmcloud.com/vulnerabilities/90396 https://www.drupal.org/node/2169595 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1399
https://notcve.org/view.php?id=CVE-2014-1399
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors. La API de acceso al contenedor de entidad en el módulo Entity API, en versiones 7.x-1.x anteriores a la 7.x-1.3 para Drupal, podría permitir que usuarios autenticados remotos omitan las restricciones de acceso planeadas en las entidades referenciadas mediante vectores sin especificar. • http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html http://www.openwall.com/lists/oss-security/2014/01/09/3 http://www.securityfocus.com/bid/64729 https://bugzilla.redhat.com/show_bug.cgi?id=1050802 https://exchange.xforce.ibmcloud.com/vulnerabilities/90216 https://www.drupal.org/node/2169595 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1398
https://notcve.org/view.php?id=CVE-2014-1398
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors. La API de acceso al contenedor de entidad en el módulo Entity API, en versiones 7.x-1.x anteriores a la 7.x-1.3 para Drupal, podría permitir que usuarios autenticados remotos omitan las restricciones de acceso planeadas en las propiedades comment, user y node statistics mediante vectores sin especificar. • http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126811.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126816.html http://www.openwall.com/lists/oss-security/2014/01/09/3 http://www.securityfocus.com/bid/64729 https://bugzilla.redhat.com/show_bug.cgi?id=1050802 https://exchange.xforce.ibmcloud.com/vulnerabilities/90215 https://www.drupal.org/node/2169595 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0CVE-2017-15129 – kernel: net: double-free and memory corruption in get_net_ns_by_id()
https://notcve.org/view.php?id=CVE-2017-15129
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. Se ha descubierto una vulnerabilidad en los nombres de espacio de red que afecta al kernel de Linux en versiones anteriores a la 4.14.11. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0 http://seclists.org/oss-sec/2018/q1/7 http://www.securityfocus.com/bid/102485 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1946 https://access.redhat.com/security/cve/CVE-2017-15129 https://bugzilla.redhat.com/show_bug.cgi& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-5404 – ipa: Insufficient privileges check in certificate revocation
https://notcve.org/view.php?id=CVE-2016-5404
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. El comando cert_revoke en FreeIPA no realiza comprobaciones para el permiso "certificado de revocación", lo que permite a usuarios remotos autenticados revocar certificados arbitrarios aprovechando el permiso "certificado de recuperación". An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack. • http://rhn.redhat.com/errata/RHSA-2016-1797.html http://www.openwall.com/lists/oss-security/2016/08/17/9 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/92525 https://fedorahosted.org/freeipa/ticket/6232 https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3PZ2ZQTMGC2UBRNHXVVOY3PJDOBP4CP4 https://lists.fedorap • CWE-284: Improper Access Control CWE-285: Improper Authorization •