CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2013-3565
https://notcve.org/view.php?id=CVE-2013-3565
31 Jan 2020 — Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en la interfaz HTTP en VideoLAN VLC Media Player versiones anteriores a 2.0.7, ... • http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2014-3495
https://notcve.org/view.php?id=CVE-2014-3495
13 Dec 2019 — duplicity 0.6.24 has improper verification of SSL certificates duplicity versión 0.6.24, presenta una comprobación inapropiada de los certificados SSL. • https://access.redhat.com/security/cve/cve-2014-3495 • CWE-295: Improper Certificate Validation •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2387
https://notcve.org/view.php?id=CVE-2014-2387
13 Dec 2019 — Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities Pen versión 0.18.0, presenta vulnerabilidades no seguras en la creación de archivos temporales. • http://www.openwall.com/lists/oss-security/2014/03/13/5 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2013-7370
https://notcve.org/view.php?id=CVE-2013-7370
11 Dec 2019 — node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware node-connect versiones anteriores a 2.8.1, presenta una vulnerabilidad de tipo XSS en el middleware Sencha Labs Connect. • http://www.openwall.com/lists/oss-security/2014/04/21/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 1CVE-2012-6655 – Ubuntu Security Notice USN-6687-1
https://notcve.org/view.php?id=CVE-2012-6655
27 Nov 2019 — An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. Existe un problema en AccountService versión 0.6.37, en la función user_change_password_authorized_cb() en el archivo user.c, lo que podría permitir a usuarios locales obtener contraseñas cifradas. It was discovered that AccountsService called a helper incorrectly when performing password change operations. A local attacker could possibly use this iss... • http://www.openwall.com/lists/oss-security/2014/08/16/7 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2013-3718
https://notcve.org/view.php?id=CVE-2013-3718
01 Nov 2019 — evince is missing a check on number of pages which can lead to a segmentation fault evince está careciendo de una comprobación en el número de páginas que puede conllevar a un fallo de segmentación • http://bugzilla.gnome.org/show_bug.cgi?id=701302 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0158
https://notcve.org/view.php?id=CVE-2014-0158
10 Apr 2018 — Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a related issue to CVE-2013-6045. NOTE: this is not a duplicate of CVE-2013-1447, because the scope of CVE-2013-1447 was specifically defined in http://openwall.com/lists/oss-security/2013/12/04/6 as only "null ... • https://bugzilla.redhat.com/show_bug.cgi?id=1082925 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2015-5203 – jasper: integer overflow in jas_image_cmpt_create()
https://notcve.org/view.php?id=CVE-2015-5203
10 May 2017 — Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. Una vulnerabilidad de liberación doble (double free) en la función jasper_image_stop_load en JasPer 1.900.17 permite que atacantes remotos provoquen una denegación de servicio utilizando un archivo de imagen JPEG 2000 manipulado. It was discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user ... • http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html • CWE-190: Integer Overflow or Wraparound CWE-415: Double Free •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2015-5221 – jasper: use-after-free and double-free flaws in mif_process_cmpt()
https://notcve.org/view.php?id=CVE-2015-5221
10 May 2017 — Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. La vulnerabilidad de uso después liberada (Use-after-free) en la función mif_process_cmpt en el archivo libjasper/mif/mif_cod.c en la biblioteca JPEG-2000 de JasPer anterior a versión 1.900.2, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio ... • http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2015-8864
https://notcve.org/view.php?id=CVE-2015-8864
13 Apr 2017 — Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068. La vulnerabilidad XSS en Roundcube Webmail en versiones anteriores a 1.0.9 y 1.1.x en versiones anteriores a 1.1.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un SVG manipulado, una vulnerabilidad diferente a CVE-2016-4068. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00078.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •