CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1CVE-2019-17358
https://notcve.org/view.php?id=CVE-2019-17358
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module. Cacti versiones hasta 1.2.7, está afectado por múltiples instancias de deserialización no segura de la biblioteca lib/functions.php de datos controlados por parte del usuario para llenar matrices. Un atacante autenticado podría usar esto para influir en los valores de los datos del objeto y controlar las acciones tomadas por Cacti o potencialmente causar una corrupción de la memoria en el módulo PHP. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358 https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109 https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed4 • CWE-502: Deserialization of Untrusted Data CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-7371
https://notcve.org/view.php?id=CVE-2013-7371
node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) node-connects versiones anteriores a 2.8.2, presenta una vulnerabilidad de tipo cross site scripting en el middleware de Sencha Labs Connect (vulnerabilidad debido a una corrección incompleta para el CVE-2013-7370) • http://www.openwall.com/lists/oss-security/2014/04/21/2 http://www.openwall.com/lists/oss-security/2014/05/13/1 https://access.redhat.com/security/cve/cve-2013-7371 https://exchange.xforce.ibmcloud.com/vulnerabilities/92710 https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting https://security-tracker.debian.org/tracker/CVE-2013-7371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-7370
https://notcve.org/view.php?id=CVE-2013-7370
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware node-connect versiones anteriores a 2.8.1, presenta una vulnerabilidad de tipo XSS en el middleware Sencha Labs Connect. • http://www.openwall.com/lists/oss-security/2014/04/21/2 http://www.openwall.com/lists/oss-security/2014/05/13/1 https://access.redhat.com/security/cve/cve-2013-7370 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370 https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting https://security-tracker.debian.org/tracker/CVE-2013-7370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4245
https://notcve.org/view.php?id=CVE-2013-4245
Orca has arbitrary code execution due to insecure Python module load Orca presenta una ejecución de código arbitrario debido a una carga no segura del módulo Python. • https://access.redhat.com/security/cve/cve-2013-4245 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4245 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4245 https://security-tracker.debian.org/tracker/CVE-2013-4245 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4158
https://notcve.org/view.php?id=CVE-2013-4158
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) smokeping versiones anteriores a 2.6.9, presenta una vulnerabilidad de tipo XSS (corrección incompleta para el CVE-2012-0790) • http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113987.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114008.html http://www.openwall.com/lists/oss-security/2013/07/20/2 http://www.securityfocus.com/bid/61371 https://access.redhat.com/security/cve/cve-2013-4158 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4158 https://exchange.xforce.ibmcloud.com/vulnerabilities/85887 https://security-tracker.debian.org/tracker/CVE-2013-4158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •