CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2021-31891
https://notcve.org/view.php?id=CVE-2021-31891
14 Sep 2021 — A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote... • https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 3%CPEs: 8EXPL: 1CVE-2020-16135 – libssh: NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL
https://notcve.org/view.php?id=CVE-2020-16135
29 Jul 2020 — libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. libssh versión 0.9.4, presenta una desreferencia del puntero NULL en el archivo tftpserver.c si la función ssh_buffer_new devuelve NULL A flaw was found in libssh. A NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that admin... • https://bugs.libssh.org/T232 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2018-19200
https://notcve.org/view.php?id=CVE-2018-19200
12 Nov 2018 — An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. Se ha descubierto un problema en versiones anteriores a la 0.9.0 de uriparser. UriCommon.c permite el intento de operaciones en entradas NULL mediante una función uriResetUri*. • https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-8156
https://notcve.org/view.php?id=CVE-2014-8156
25 Sep 2017 — The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D... • http://www.openwall.com/lists/oss-security/2015/01/27/25 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-3062 – Gentoo Linux Security Advisory 201705-08
https://notcve.org/view.php?id=CVE-2016-3062
15 Jun 2016 — The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. La función mov_read_dref en libavformat/mov.c en Libav en versiones anteriores a 11.7 y FFmpeg en versiones anteriores a 0.11 permite a atacantes remotos provocar una denegación de srevicio (corrupción de memoria) o ejecutar código arbitrario a través de valores de ent... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0CVE-2016-1231 – Debian Security Advisory 3439-1
https://notcve.org/view.php?id=CVE-2016-1231
11 Jan 2016 — Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path. Vulnerabilidad de salto de directorio en el módulo HTTP file-serving (mod_http_files) en Prosody 0.9.x en versiones anteriores a 0.9.9 permite a atacantes remotos leer archivos arbitrarios a través de un .. (punto punto) en una ruta no especificada. Two vulnerabilities were discovered in Prosody, a lightwei... • http://blog.prosody.im/prosody-0-9-9-security-release • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2016-1232 – Debian Security Advisory 3439-1
https://notcve.org/view.php?id=CVE-2016-1232
11 Jan 2016 — The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack. El módulo mod_dialback en Prosody en versiones anteriores a 0.9.9 no genera adecuadamente valores aleatorios para para el token secreto en la autenticación de devolución de llamada de servidor a servidor, lo que hace que sea más fácil para atacantes suplantar servidores a trav... • http://blog.prosody.im/prosody-0-9-9-security-release •
CVSS: 10.0EPSS: 0%CPEs: 96EXPL: 0CVE-2013-4242 – GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
https://notcve.org/view.php?id=CVE-2013-4242
29 Jul 2013 — GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. GnuPG anterior a 1.4.14, y Libgcrypt anterior a 1.5.3 usado en GnuPG 2.0.x y posiblemente otros productos, permite a usuarios locales obtener las claves RSA privadas a través de un ataque "side-channel" que involucra la caché L3. Aka Flush+Reload. The GNU Privacy Guard is a tool for encrypti... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 6%CPEs: 61EXPL: 0CVE-2004-1139
https://notcve.org/view.php?id=CVE-2004-1139
15 Dec 2004 — Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash). • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 •
CVSS: 7.5EPSS: 8%CPEs: 61EXPL: 0CVE-2004-1142
https://notcve.org/view.php?id=CVE-2004-1142
15 Dec 2004 — Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916 •