CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-2717
https://notcve.org/view.php?id=CVE-2011-2717
27 Nov 2019 — The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. El cliente DHCPv6 (dhcp6c) como se usado en el proyecto dhcpv6 hasta el 25/07/2011, permite a los servidores DHCP remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en un nombre de host obtenido desde un mensaje DHCP. • https://access.redhat.com/security/cve/cve-2011-2717 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2011-4967
https://notcve.org/view.php?id=CVE-2011-4967
19 Nov 2019 — tog-Pegasus has a package hash collision DoS vulnerability tog-Pegasus presenta una vulnerabilidad de DoS de colisión de paquete hash. • http://bugzilla.openpegasus.org/show_bug.cgi?id=9182 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2011-1145
https://notcve.org/view.php?id=CVE-2011-1145
14 Nov 2019 — The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. La función SQLDriverConnect() en unixODBC versiones anterior a la versión 2.2.14p2, tiene una posible condición de desbordamiento del búfer cuando se especifica valor grande para el parámetro SAVEFILE en la cadena de conexión. • https://access.redhat.com/security/cve/cve-2011-1145 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 1CVE-2011-2897
https://notcve.org/view.php?id=CVE-2011-2897
12 Nov 2019 — gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw gdk-pixbuf versiones hasta 2.31.1, presenta un desbordamiento de búfer del cargador GIF cuando se inicializan las tablas de descompresión debido a un fallo de comprobación de entrada • https://access.redhat.com/security/cve/cve-2011-2897 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 2CVE-2016-4983
https://notcve.org/view.php?id=CVE-2016-4983
05 Nov 2019 — A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. Un script postinstall en el dovecot rpm, permite a usuarios locales leer el contenido de los archivos de clave SSL/TLS recientemente creados. • http://lists.opensuse.org/opensuse-updates/2016-11/msg00096.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2005-4890
https://notcve.org/view.php?id=CVE-2005-4890
04 Nov 2019 — There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. Se presenta un posible secuestro de tty en shadow versiones 4.x anteriores a 4.1.5 y sudo versiones 1.x anteriores a 1.7.4 por medio de "su - user -c program". La sesión de usuario puede ser escapada a la sesión principal mediante el uso de la... • http://www.openwall.com/lists/oss-security/2012/11/06/8 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2015-2877 – Cross-VM ASL INtrospection (CAIN)
https://notcve.org/view.php?id=CVE-2015-2877
06 Aug 2015 — Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and ca... • http://www.antoniobarresi.com/files/cain_advisory.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 2%CPEs: 17EXPL: 0CVE-2015-1819 – libxml2: denial of service processing a crafted XML document
https://notcve.org/view.php?id=CVE-2015-1819
07 Jul 2015 — The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Vulnerabilidad en el xmlreader en libxml, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de datos XML manipulados, relacionada con un ataque XML Entity Expansión (XEE). A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 88%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 94%CPEs: 345EXPL: 137CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •