CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2021-31891
https://notcve.org/view.php?id=CVE-2021-31891
14 Sep 2021 — A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote... • https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2018-19200
https://notcve.org/view.php?id=CVE-2018-19200
12 Nov 2018 — An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. Se ha descubierto un problema en versiones anteriores a la 0.9.0 de uriparser. UriCommon.c permite el intento de operaciones en entradas NULL mediante una función uriResetUri*. • https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-8156
https://notcve.org/view.php?id=CVE-2014-8156
25 Sep 2017 — The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D... • http://www.openwall.com/lists/oss-security/2015/01/27/25 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-3062 – Gentoo Linux Security Advisory 201705-08
https://notcve.org/view.php?id=CVE-2016-3062
15 Jun 2016 — The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. La función mov_read_dref en libavformat/mov.c en Libav en versiones anteriores a 11.7 y FFmpeg en versiones anteriores a 0.11 permite a atacantes remotos provocar una denegación de srevicio (corrupción de memoria) o ejecutar código arbitrario a través de valores de ent... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0CVE-2016-1231 – Debian Security Advisory 3439-1
https://notcve.org/view.php?id=CVE-2016-1231
11 Jan 2016 — Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path. Vulnerabilidad de salto de directorio en el módulo HTTP file-serving (mod_http_files) en Prosody 0.9.x en versiones anteriores a 0.9.9 permite a atacantes remotos leer archivos arbitrarios a través de un .. (punto punto) en una ruta no especificada. Two vulnerabilities were discovered in Prosody, a lightwei... • http://blog.prosody.im/prosody-0-9-9-security-release • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2016-1232 – Debian Security Advisory 3439-1
https://notcve.org/view.php?id=CVE-2016-1232
11 Jan 2016 — The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack. El módulo mod_dialback en Prosody en versiones anteriores a 0.9.9 no genera adecuadamente valores aleatorios para para el token secreto en la autenticación de devolución de llamada de servidor a servidor, lo que hace que sea más fácil para atacantes suplantar servidores a trav... • http://blog.prosody.im/prosody-0-9-9-security-release •
CVSS: 10.0EPSS: 0%CPEs: 96EXPL: 0CVE-2013-4242 – GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
https://notcve.org/view.php?id=CVE-2013-4242
29 Jul 2013 — GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. GnuPG anterior a 1.4.14, y Libgcrypt anterior a 1.5.3 usado en GnuPG 2.0.x y posiblemente otros productos, permite a usuarios locales obtener las claves RSA privadas a través de un ataque "side-channel" que involucra la caché L3. Aka Flush+Reload. The GNU Privacy Guard is a tool for encrypti... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 75EXPL: 0CVE-2012-2351
https://notcve.org/view.php?id=CVE-2012-2351
12 Jul 2012 — The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. La configuración por defecto del plugin auth/SAML en Mahara antes de v1.4.2 establece el atributo "Match Username to Remote Username" a falso, lo que permite falsificar usuarios de otros servidores a los servidores remotos SAML IdP utilizando el mismo ... • http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea • CWE-16: Configuration CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 6%CPEs: 61EXPL: 0CVE-2004-1139
https://notcve.org/view.php?id=CVE-2004-1139
15 Dec 2004 — Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash). • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 •
CVSS: 7.5EPSS: 8%CPEs: 61EXPL: 0CVE-2004-1142
https://notcve.org/view.php?id=CVE-2004-1142
15 Dec 2004 — Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 •