CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-48541 – Ubuntu Security Notice USN-6393-1
https://notcve.org/view.php?id=CVE-2022-48541
22 Aug 2023 — A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command. Una pérdida de memoria en ImageMagick 7.0.10-45 y 6.9.11-22 permite a atacantes remotos realizar una denegación de servicio mediante el comando "identify -help". It was discovered that ImageMagick did not properly handle memory when processing the -help option. An attacker could potentially use this issue to cause a crash. • https://github.com/ImageMagick/ImageMagick/issues/2889 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14312
https://notcve.org/view.php?id=CVE-2020-14312
05 Feb 2021 — A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against ot... • https://bugzilla.redhat.com/show_bug.cgi?id=1851342 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 3CVE-2015-4410
https://notcve.org/view.php?id=CVE-2015-4410
20 Feb 2020 — The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string. El método Moped::BSON::ObjecId.legal? en rubygem-moped antes del commit dd5a7c14b5d2e466f7875d079af71ad19774609b, permite a atacantes remotos causar una denegación de servicio (consumo de recursos de worker) o llevar a cabo un ataque de tipo cross-s... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 2CVE-2015-4411
https://notcve.org/view.php?id=CVE-2015-4411
20 Feb 2020 — The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. El método Moped::BSON::ObjecId.legal? en mongodb/bson-ruby, versiones anteriores a 3.0.4, como es usado en rubygem-moped, permite a atacantes remotos causar una denegación de servicio (consumo de recursos de worker) por medio de una cadena diseña... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 1CVE-2015-2793
https://notcve.org/view.php?id=CVE-2015-2793
21 Nov 2019 — Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo templates/openid-selector.tmpl en ikiwiki versiones anteriores a 3.20150329, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro openid_identifier en una acción de comp... • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4978
https://notcve.org/view.php?id=CVE-2014-4978
29 Dec 2017 — The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. La función rs_filter_graph en librawstudio/rs-filter.c en rawstudio podría permitir que usuarios locales trunquen archivos arbitrarios mediante un ataque de vínculo simbólico en (1) /tmp/rs-filter-graph.png o (2) /tmp/rs-filter-graph. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162109.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-8008
https://notcve.org/view.php?id=CVE-2015-8008
29 Dec 2017 — The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. La extensión OAuth para MediaWiki negocia incorrectamente un nuevo token de cliente solo en Special:OAuth/initiate. Esto permite que atacantes omitan las restricciones de dirección IP planeadas elaborando una petición API con un token existente. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170961.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 11%CPEs: 16EXPL: 0CVE-2015-5739 – golang: HTTP request smuggling in net/http library
https://notcve.org/view.php?id=CVE-2015-5739
18 Oct 2017 — The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." La biblioteca net/http en net/textproto/reader.go en Go en versiones anteriores a la 1.4.3 no analiza sintácticamente claves de cabecera HTTP correctamente, lo que permite que atacantes remotos lleven a cabo ataques de contrabando de... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 6%CPEs: 16EXPL: 0CVE-2015-5740 – golang: HTTP request smuggling in net/http library
https://notcve.org/view.php?id=CVE-2015-5740
18 Oct 2017 — The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. La biblioteca net/http en net/http/transfer.go en Go en versiones anteriores a la 1.4.3 no analiza sintácticamente cabeceras HTTP correctamente, lo que permite que atacantes remotos lleven a cabo ataques de contrabando de peticiones HTTP mediante una petición con dos cabeceras Content-lengt... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 10%CPEs: 3EXPL: 1CVE-2015-7687
https://notcve.org/view.php?id=CVE-2015-7687
16 Oct 2017 — Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta. Uso de memoria previamente liberada en OpenSMTPD en versiones anteriores a la 5.7.2 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado) o que ejecuten código arbitrario mediante vectores relacionados con req_ca_vrfy_smtp y req_ca_vrfy_mta. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170448.html • CWE-416: Use After Free •