CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 1CVE-2019-7164 – python-sqlalchemy: SQL Injection when the order_by parameter can be controlled
https://notcve.org/view.php?id=CVE-2019-7164
20 Feb 2019 — SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. SQLAlchemy, hasta la versión 1.2.17 y las 1.3.x hasta la 1.3.0b2, permite Inyección SQL mediante el parámetro "order_by". Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. SQLAlche... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-20175 – Debian Security Advisory 4394-1
https://notcve.org/view.php?id=CVE-2018-20175
19 Feb 2019 — rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). rdesktop, en versiones hasta e incluyendo la v1.8.3, contiene varios errores en la propiedad signedness de un número entero que conducen a lecturas fuera de límites en el archivo mcs.c y resultan en una denegación de servicio (segfault). Multiple vulnerabilities have been discovered in rdesktop, the worst of which could resul... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 1CVE-2018-20177 – Debian Security Advisory 4394-1
https://notcve.org/view.php?id=CVE-2018-20177
19 Feb 2019 — rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. rdesktop, en versiones hasta e incluyendo la v1.8.3, contiene un desbordamiento de enteros que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en la función rdp_in_unistr() y resulta en la corrupción de memoria y, posiblemente, incluso la ejecución remota de código... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-20178 – Debian Security Advisory 4394-1
https://notcve.org/view.php?id=CVE-2018-20178
19 Feb 2019 — rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault). rdesktop, en versiones hasta e incluyendo la v1.8.3, contiene una lectura fuera de límites en la función process_demand_active(), que resulta en una denegación de servicio (segfault). Multiple vulnerabilities have been discovered in rdesktop, the worst of which could result in the remote execution of arbitrary code. Versions less than 1.8.4 are af... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 10%CPEs: 3EXPL: 1CVE-2018-20180 – Debian Security Advisory 4394-1
https://notcve.org/view.php?id=CVE-2018-20180
19 Feb 2019 — rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution. rdesktop, en versiones hasta e incluyendo la v1.8.3, contiene un subdesbordamiento de enteros que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en la función rdpsnddbg_process() y resulta en la corrupción de memoria y, posiblemente, incluso la ejecución remo... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 10%CPEs: 3EXPL: 1CVE-2018-20181 – Debian Security Advisory 4394-1
https://notcve.org/view.php?id=CVE-2018-20181
19 Feb 2019 — rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. rdesktop, en versiones hasta e incluyendo la v1.8.3, contiene un subdesbordamiento de enteros que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en la función seamless_process() y resulta en la corrupción de memoria y, posiblemente, incluso la ejecución remota... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 10%CPEs: 3EXPL: 1CVE-2018-20182 – Debian Security Advisory 4394-1
https://notcve.org/view.php?id=CVE-2018-20182
19 Feb 2019 — rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. rdesktop, en versiones hasta e incluyendo la v1.8.3, contiene un desbordamiento de búfer en las variables globales en la función seamless_process_line() y resulta en la corrupción de memoria y, posiblemente, incluso la ejecución remota de código. Multiple vulnerabilities have been discovered in rd... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 1CVE-2019-8905
https://notcve.org/view.php?id=CVE-2019-8905
18 Feb 2019 — do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. do_core_note en readelf.c en libmagic.a en la versión 5.35 de file tiene una sobrelectura de búfer basada en pila relacionada con file_printable. Esta vulnerabilidad es diferente de CVE-2018-10360. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-8907 – Slackware Security Advisory - file Updates
https://notcve.org/view.php?id=CVE-2019-8907
18 Feb 2019 — do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. do_core_note en readelf.c en libmagic.a en la versión 5.35 de file permite a los atacantes remotos provocar una denegación de servicio (corrupción de pila y cierre inesperado de la aplicación) o cualquier otro impacto no especificado. New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix sec... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 55EXPL: 1CVE-2019-6454 – systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash
https://notcve.org/view.php?id=CVE-2019-6454
18 Feb 2019 — An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). Se ha descubierto un problema en sd-bus en... • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •