CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 1CVE-2023-1981 – avahi: avahi-daemon can be crashed via DBus
https://notcve.org/view.php?id=CVE-2023-1981
26 May 2023 — A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. USN-6129-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Avahi incorrectly handled certain DBus messages. • https://access.redhat.com/security/cve/CVE-2023-1981 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14312
https://notcve.org/view.php?id=CVE-2020-14312
05 Feb 2021 — A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against ot... • https://bugzilla.redhat.com/show_bug.cgi?id=1851342 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2010-5304
https://notcve.org/view.php?id=CVE-2010-5304
05 Feb 2020 — A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. Se encontró un fallo de desreferencia del puntero NULL en la manera en que LibVNCServer versiones anteriores a 0.9.9 manejaba determinado mensaje de ClientCutText. Un atacante remoto podría utilizar este fallo para bloquear el servidor VNC mediante el envío de... • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 1%CPEs: 4EXPL: 0CVE-2013-0294
https://notcve.org/view.php?id=CVE-2013-0294
28 Jan 2020 — packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. El archivo packet.py en pyrad versiones anteriores a 2.1, utiliza números aleatorios débiles para generar autenticadores RADIUS y contraseñas de hash, lo que facilita a atacantes remotos obtener información confidencial por medio de un ataque de fuerza bruta. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.html • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2014-2581
https://notcve.org/view.php?id=CVE-2014-2581
28 Jan 2020 — Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. Smb4K versiones anteriores a 1.1.1, permite a atacantes remotos obtener credenciales por medio de vectores relacionados con la opción cuid en la edición de línea "Additional options". • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133898.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4411
https://notcve.org/view.php?id=CVE-2013-4411
03 Dec 2019 — Review Board: URL processing gives unauthorized users access to review lists Review Board: el procesamiento de URL otorga acceso a usuarios no autorizados en listas de revisión. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2013-4410
https://notcve.org/view.php?id=CVE-2013-4410
02 Dec 2019 — ReviewBoard: has an access-control problem in REST API ReviewBoard: presenta un problema de control de acceso en la API REST. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html • CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 1CVE-2015-2793
https://notcve.org/view.php?id=CVE-2015-2793
21 Nov 2019 — Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo templates/openid-selector.tmpl en ikiwiki versiones anteriores a 3.20150329, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro openid_identifier en una acción de comp... • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-5118
https://notcve.org/view.php?id=CVE-2014-5118
18 Nov 2019 — Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability Trusted Boot (tboot) anterior a la versión 1.8.2 tiene una vulnerabilidad de omisión de seguridad en "loader.c" • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136768.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2014-0021
https://notcve.org/view.php?id=CVE-2014-0021
15 Nov 2019 — Chrony before 1.29.1 has traffic amplification in cmdmon protocol Chrony versiones anteriores a la versión 1.29.1, tiene amplificación de tráfico en el protocolo cmdmon. • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127837.html •