CVSS: 7.9EPSS: 0%CPEs: 6EXPL: 0CVE-2013-6375 – Gentoo Linux Security Advisory 201407-03
https://notcve.org/view.php?id=CVE-2013-6375
23 Nov 2013 — Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter." Xen 4.2.x y 4.3.x, cuando se usa una pasarela Intel VT-d para PCI, no vacía correctamente el TLB después de limpiar una entrada de tabla de traducción presente, lo que permite a administradores locales provocar... • http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 93%CPEs: 9EXPL: 2CVE-2013-4547 – Nginx 1.1.17 - URI Processing SecURIty Bypass
https://notcve.org/view.php?id=CVE-2013-4547
22 Nov 2013 — nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. nginx 0.8.41 hasta la versión 1.4.3 y 1.5.x anterior a la versión 1.5.7 permite a atacantes remotos evadir restricciones intencionadas a través de un carácter de espacio sin escape en una URI. Ivan Fratric of the Google Security Team discovered a bug in nginx, which might allow an attacker to bypass security restrictions in certain configurations by using a spe... • https://www.exploit-db.com/exploits/38846 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 1CVE-2013-4487
https://notcve.org/view.php?id=CVE-2013-4487
19 Nov 2013 — Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. Error de superación de límite en dane_raw_tlsa en la librería DANE (libdane) de GnuTLS 3.1.x anterior a la versión 3.1.16 y 3.2.x anterior a 3.2.6 permite en servidores remotos provocar una denegación de ser... • http://lists.opensuse.org/opensuse-updates/2013-11/msg00064.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 5%CPEs: 6EXPL: 0CVE-2013-1418 – krb5: multi-realm KDC null dereference leads to crash
https://notcve.org/view.php?id=CVE-2013-1418
16 Nov 2013 — The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. La función setup_server_realm en main.c en Key Distribution Center (KDC) de MIT Kerberos 5 (también conocido como krb5) anterior a la versión 1.10.7, cuando se configuran varios campos, permite a atacantes remotos provocar una deneg... • http://advisories.mageia.org/MGASA-2013-0335.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 49EXPL: 1CVE-2013-6621 – Gentoo Linux Security Advisory 201403-01
https://notcve.org/view.php?id=CVE-2013-6621
13 Nov 2013 — Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element. Vulnerabilidad de uso después de liberación en Google Chrome anterior a la versión 31.0.1650.48 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto sin especificar a través de vectores relacionados con el atributo x-webkit-spee... • http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 8%CPEs: 7EXPL: 0CVE-2013-4559 – Mandriva Linux Security Advisory 2013-277
https://notcve.org/view.php?id=CVE-2013-4559
13 Nov 2013 — lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. lighttpd anterior a la versión 1.4.33 no comprueba el valor de vuelta de (1) setuid, (2) setgid, o (3) setgroups, lo que podría causar que lighttpd se ejecute bajo adm... • http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 5%CPEs: 7EXPL: 0CVE-2013-4560 – Mandriva Linux Security Advisory 2013-277
https://notcve.org/view.php?id=CVE-2013-4560
13 Nov 2013 — Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. Vulnerabilidad de uso después de liberación en lighttpd anterior a la versión 1.4.33 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación y caída) a través de vectores que desencadenen fallos FAMMonitorDirectory. lighttpd before 1.4.34, when SNI is enabled, configures wea... • http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 21EXPL: 0CVE-2013-6629 – libjpeg: information leak (read of uninitialized memory)
https://notcve.org/view.php?id=CVE-2013-6629
12 Nov 2013 — The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. La función get_sos de jdmarker.c en libjpeg 6b y libjpeg-turbo hasta la versión 1.3.... • http://advisories.mageia.org/MGASA-2013-0333.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-456: Missing Initialization of a Variable •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 1CVE-2013-4508 – Mandriva Linux Security Advisory 2013-277
https://notcve.org/view.php?id=CVE-2013-4508
08 Nov 2013 — lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. lighttpd anteriores a 1.4.34, cuando SNI esta habilitado, configura cifrados SSL débiles, lo que hace más fácil para un atacante remoto secuestrar sesiones insertando paquetes en el flujo de datos cliente-servidor u obtener información sensible capturando la red.... • http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt • CWE-326: Inadequate Encryption Strength •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 3CVE-2013-6365 – Horde 5.1.2 Cross Site Request Forgery / Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-6365
04 Nov 2013 — Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions Horde Groupware Web mail versión 5.1.2, presenta una vulnerabilidad de tipo CSRF con peticiones para cambiar permisos. Horde version 5.1.2 suffers from cross site request forgery and cross site scripting vulnerabilities. • https://packetstorm.news/files/id/123900 • CWE-352: Cross-Site Request Forgery (CSRF) •