CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2014-3495
https://notcve.org/view.php?id=CVE-2014-3495
duplicity 0.6.24 has improper verification of SSL certificates duplicity versión 0.6.24, presenta una comprobación inapropiada de los certificados SSL. • https://access.redhat.com/security/cve/cve-2014-3495 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495 https://security-tracker.debian.org/tracker/CVE-2014-3495 • CWE-295: Improper Certificate Validation •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2387
https://notcve.org/view.php?id=CVE-2014-2387
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities Pen versión 0.18.0, presenta vulnerabilidades no seguras en la creación de archivos temporales. • http://www.openwall.com/lists/oss-security/2014/03/13/5 http://www.openwall.com/lists/oss-security/2014/03/14/2 http://www.securityfocus.com/bid/66214 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-2387 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-2387 https://exchange.xforce.ibmcloud.com/vulnerabilities/91992 https://security-tracker.debian.org/tracker/CVE-2014-2387 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-7370
https://notcve.org/view.php?id=CVE-2013-7370
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware node-connect versiones anteriores a 2.8.1, presenta una vulnerabilidad de tipo XSS en el middleware Sencha Labs Connect. • http://www.openwall.com/lists/oss-security/2014/04/21/2 http://www.openwall.com/lists/oss-security/2014/05/13/1 https://access.redhat.com/security/cve/cve-2013-7370 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370 https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting https://security-tracker.debian.org/tracker/CVE-2013-7370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 14EXPL: 0CVE-2013-2625
https://notcve.org/view.php?id=CVE-2013-2625
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified Existe un problema de Omisión de Acceso en OTRS Help Desk versiones anteriores a la versión 3.2.4, 3.1.14 y 3.0.19, OTRS ITSM versiones anteriores a la versión 3.2.3, 3.1.8 y 3.0.7, y FAQ versiones anteriores a la versión 2.2.3, 2.1.4, y 2.0.8. Los derechos de acceso por el mecanismo de enlace de objetos no son comprobados. • http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html http://www.securityfocus.com/bid/58936 https://exchange.xforce.ibmcloud.com/vulnerabilities/83287 https://security-tracker.debian.org/tracker/CVE-2013-2625 • CWE-269: Improper Privilege Management •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 1CVE-2012-6655
https://notcve.org/view.php?id=CVE-2012-6655
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. Existe un problema en AccountService versión 0.6.37, en la función user_change_password_authorized_cb() en el archivo user.c, lo que podría permitir a usuarios locales obtener contraseñas cifradas. • http://www.openwall.com/lists/oss-security/2014/08/16/7 http://www.securityfocus.com/bid/69245 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655 https://exchange.xforce.ibmcloud.com/vulnerabilities/95325 https://security-tracker.debian.org/tracker/CVE-2012-6655 • CWE-732: Incorrect Permission Assignment for Critical Resource •