CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-2106
https://notcve.org/view.php?id=CVE-2013-2106
webauth before 4.6.1 has authentication credential disclosure webauth versiones anteriores a 4.6.1, presenta una divulgación de credenciales de autenticación. • http://www.openwall.com/lists/oss-security/2013/05/18/6 https://access.redhat.com/security/cve/cve-2013-2106 https://security-tracker.debian.org/tracker/CVE-2013-2106 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4235
https://notcve.org/view.php?id=CVE-2013-4235
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees shadow: condición de carrera TOCTOU (de tiempo de comprobación y tiempo de uso) cuando se copia y elimina árboles de directorio. • https://access.redhat.com/security/cve/cve-2013-4235 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://security-tracker.debian.org/tracker/CVE-2013-4235 https://security.gentoo.org/glsa/202210-26 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-19479 – opensc: Incorrect read operation during parsing of a SETCOS file attribute
https://notcve.org/view.php?id=CVE-2019-19479
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. Se detectó un problema en OpenSC versiones hasta 0.19.0 y versiones 0.20.x hasta 0.20.0-rc3. El archivo libopensc/card-setcos.c presenta una operación de lectura incorrecta durante el análisis de un atributo de archivo SETCOS. • http://www.openwall.com/lists/oss-security/2019/12/29/1 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2 https://lists.debian.org/debian-lts-announce/2019/12/msg00031.html https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5 https://access.redhat.com/security/cve/CVE-2019-194 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-18609 – librabbitmq: integer overflow in amqp_handle_input in amqp_connection.c leads to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2019-18609
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer. Se detectó un problema en la función amqp_handle_input en el archivo amqp_connection.c en rabbitmq-c versión 0.9.0. • https://github.com/alanxz/rabbitmq-c/blob/master/ChangeLog.md https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a https://lists.debian.org/debian-lts-announce/2019/12/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WA7CPNVYMF6OQNIYNLWUY6U2GTKFOKH3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQER6XTKYMHNQR7QTHW7DJAH645WQROU https://news.ycombinator.com/item?id=21681976 https://security.gentoo.or • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2019-19462
https://notcve.org/view.php?id=CVE-2019-19462
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. La función relay_open en el archivo kernel/relay.c en el kernel de Linux versiones hasta 5.4.1, permite a usuarios locales causar una denegación de servicio (tal y como un bloqueo de retransmisión) al desencadenar un resultado NULL de alloc_percpu. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lore.kernel.org/lkml/20191129013745.7168-1-dja%40axtens.net https://security.netapp.com/advisory/ntap-20210129-0004 https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8 https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531 https://syzkaller&# • CWE-476: NULL Pointer Dereference •