CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1572
https://notcve.org/view.php?id=CVE-2019-1572
26 Mar 2019 — PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files. **RECHAZADA** NO USAR ESTE NÚMERO DE CANDIDATO. ConsultIDs: CVE-2019-1571. Motivo: Este candidato es una réplica de reserva de CVE-2019-1571. Notas: Todos los usuarios de CVE deben hacer referencia a CVE-2019-1571 en lugar de este candidato. • http://www.securityfocus.com/bid/107720 •
CVSS: 5.9EPSS: 1%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •