CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 1CVE-2013-4508 – Mandriva Linux Security Advisory 2013-277
https://notcve.org/view.php?id=CVE-2013-4508
08 Nov 2013 — lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. lighttpd anteriores a 1.4.34, cuando SNI esta habilitado, configura cifrados SSL débiles, lo que hace más fácil para un atacante remoto secuestrar sesiones insertando paquetes en el flujo de datos cliente-servidor u obtener información sensible capturando la red.... • http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1CVE-2013-2065 – Ubuntu Security Notice USN-2035-1
https://notcve.org/view.php?id=CVE-2013-2065
02 Nov 2013 — (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. (1) DL y (2) Fiddle en Ruby 1.9 anterior a 1.9.3 patchlevel 426, y 2.0 anterior a 2.0.0 patchlevel 195, no se realizan la comprobación de corrupción de las funciones nativas, lo que permite a atacantes dependientes de contexto eludir el nivel de restricciones $SAFE. Charlie... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2013-2190 – Mandriva Linux Security Advisory 2013-255
https://notcve.org/view.php?id=CVE-2013-2190
17 Oct 2013 — The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors. La función translate_hierarchy_event de x11/clutter-device-manager-xi2.c en nClutter, al reanudar el sistema, no maneja adecuadamente los errores XIQueryDevice cuando un di... • http://lists.opensuse.org/opensuse-updates/2013-10/msg00014.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1CVE-2013-4389 – Debian Security Advisory 2888-1
https://notcve.org/view.php?id=CVE-2013-4389
17 Oct 2013 — Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message. Múltiples vulnerabilidadews de format string en archivos log_subscriber.rb en el componente de suscripción de log de Action Mailer en Ruby on Rails 3.x anterior a 3.2.15 permite a atacantes remotos causar una denegac... • http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.8EPSS: 2%CPEs: 79EXPL: 0CVE-2013-2927 – Apple Security Advisory 2014-06-30-4
https://notcve.org/view.php?id=CVE-2013-2927
16 Oct 2013 — Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements. Vulnerabilidad de uso después de liberación en la función HTMLFormElement::prepareForSubmission en core/html/HTMLFormElement.cpp de Blink, tal como se usa en Google Chrome anterior a la versi... • http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 6%CPEs: 11EXPL: 0CVE-2013-4365 – Gentoo Linux Security Advisory 201402-09
https://notcve.org/view.php?id=CVE-2013-4365
11 Oct 2013 — Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. Vulnerabilidad de desbordamiento de buffer (heap) en la función fcgid_header_bucket_read de fcgd_bucket.c en el modulo mod_fcgid anterior a 2.3.9 para Apache HTTP Server permite a atacantes remotos tener unimpacto no especificado a través de vectores desconocidos. Robert Matthews discov... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 64EXPL: 0CVE-2013-2919 – Gentoo Linux Security Advisory 201403-01
https://notcve.org/view.php?id=CVE-2013-2919
02 Oct 2013 — Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Google V8, tal como se utiliza en Google Chrome anterior a la versión 30.0.1599.66, permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto sin especificar a través de vectores desconocidos. Multiple vulnerabilities have been reported in Chromium and V8, ... • http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.9EPSS: 0%CPEs: 5EXPL: 1CVE-2013-2217 – Ubuntu Security Notice USN-2008-1
https://notcve.org/view.php?id=CVE-2013-2217
23 Sep 2013 — cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/. cache.py en Suds 0.4, cuando tempdir es establecido a None, permite a usuarios locales redirigir consultas SOAP y posiblemente tener otros efectos no especificados a través de un ataque de enlaces simbólicos sobre un archivo de caché con un nombre predecible en /tmp/suds. Ralph Loader discovered t... • https://github.com/Osirium/suds • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4288 – polkit: unix-process subject for authorization is racy
https://notcve.org/view.php?id=CVE-2013-4288
18 Sep 2013 — Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck. Condición de carrera en PolicyKit (también conocida como polkit) permite a usuarios locales evadir restricciones PolicyKit intencionadas y obtener privilegios... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4132
https://notcve.org/view.php?id=CVE-2013-4132
16 Sep 2013 — KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass. KDE-Workspace 4.10.5 y anteriores no gestiona de forma adecuada el valor de retorno de glibc 2.17 crypt y funciones pw_encrypt, lo que permite a atac... • http://lists.opensuse.org/opensuse-updates/2013-07/msg00082.html • CWE-310: Cryptographic Issues •