Page 10 of 108 results (0.013 seconds)

CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 1

CVE-2018-19872 – qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp

https://notcve.org/view.php?id=CVE-2018-19872

An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. Se ha descubierto un problema en Qt 5.11. Una imagen PPM mal formada provoca una división entre cero y un cierre inesperado en qppmhandler.cpp. • http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html https://bugreports.qt.io/browse/QTBUG-69449 https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG https://lists.fedoraproject.org/archives/list& • CWE-369: Divide By Zero •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2019-3833 – openwsman: Infinite loop in process_connection() allows denial of service

https://notcve.org/view.php?id=CVE-2019-3833

Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server. Openwsman, en versiones hasta e incluyendo la 2.6.9, es vulnerable a un bucle infinito en process_connection() al analizar peticiones HTTP especialmente manipuladas. Un atacante remoto no autenticado podría explotar esta vulnerabilidad enviando una petición HTTP especialmente manipulada para provocar una denegación de servicio (DoS) en el servidor openwsman. • http://bugzilla.suse.com/show_bug.cgi?id=1122623 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html http://www.securityfocus.com/bid/107367 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3833 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0

CVE-2019-3816 – openwsman: Disclosure of arbitrary files outside of the registered URIs

https://notcve.org/view.php?id=CVE-2019-3816

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. Openwsman, en versiones hasta e incluyendo la 2.6.9, es vulnerable a una divulgación de archivos arbitrarios debido a que el directorio de trabajo del demonio openwsmand se establecía en el directorio root. Un atacante remoto no autenticado podría explotar esta vulnerabilidad enviando una petición HTTP especialmente manipulada al servidor openwsman. • http://bugzilla.suse.com/show_bug.cgi?id=1122623 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html http://www.securityfocus.com/bid/107368 http://www.securityfocus.com/bid/107409 https://access.redhat.com/errata/RHSA-2019:0638 https://access.redhat.com/errata/RHSA-2019:0972 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3816 https://lists.fedoraproject.org/archives/list/package& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2019-9658

https://notcve.org/view.php?id=CVE-2019-9658

Checkstyle before 8.18 loads external DTDs by default. Checkstyle, en versiones anteriores a la 8.18, carga DTD externas por defecto. • https://checkstyle.org/releasenotes.html#Release_8.18 https://github.com/checkstyle/checkstyle/issues/6474 https://github.com/checkstyle/checkstyle/issues/6478 https://github.com/checkstyle/checkstyle/pull/6476 https://lists.apache.org/thread.html/6bf8bbbca826e883f09ba40bc0d319350e1d6d4cf4df7c9e399b2699%40%3Ccommits.fluo.apache.org%3E https://lists.apache.org/thread.html/7eea10e7be4c21060cb1e79f6524c6e6559ba833b1465cd2870a56b9%40%3Cserver-dev.james.apache.org%3E https://lists.apache.org/thread.html/994221405e940e148adcfd9cb24ffc6700bed70c7820c55a22559d26 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 9.8EPSS: 1%CPEs: 41EXPL: 0

CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization

https://notcve.org/view.php?id=CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.securityfocus.com/bid/107400 https://access. • CWE-172: Encoding Error •