CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-13114 – exiv2: null-pointer dereference in http.c causing denial of service
https://notcve.org/view.php?id=CVE-2019-13114
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character. En el archivo http.c en Exiv2 hasta la versión 0.27.1, permite a un servidor http malicioso causar una denegación de servicio (bloqueo debido a una desreferencia del puntero NULL) mediante el retorno de una respuesta creada que carece de un carácter espacio. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html https://github.com/Exiv2/exiv2/issues/793 https://github.com/Exiv2/exiv2/pull/815 https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC https://support.f5.com/csp/article/K45429077?utm_source=f5support&%3Butm_medium=RSS https://usn.ubuntu.com/4056-1 https://access.redhat.com/securi • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-13112 – exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service
https://notcve.org/view.php?id=CVE-2019-13112
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. Una asignación de memoria no controlada en la función PngChunk::parseChunkContent en Exiv2 hasta la versión 0.27.1, permite a un atacante causar una denegación de servicio (bloqueo debido a una excepción std::bad_alloc) por medio de un archivo de imagen PNG creado. • https://github.com/Exiv2/exiv2/issues/845 https://github.com/Exiv2/exiv2/pull/846 https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC https://usn.ubuntu.com/4056-1 https://access.redhat.com/security/cve/CVE-2019-13112 https://bugzilla.redhat.com/show_bug.cgi?id=1728490 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 1CVE-2019-13050 – GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS
https://notcve.org/view.php?id=CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. La interacción entre el código sks-keyserver hasta versión 1.2.0 de la red SKS keyserver, y GnuPG hasta la versión 2.2.16, hace arriesgado tener una línea de configuración keyserver de GnuPG que se refiera a un host en la red SKS keyserver. La recuperación de datos de esta red puede causar una denegación de servicio persistente, debido a un Ataque de Spamming de Certificado. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://lists.fedoraproject.org/archives/list/pack • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-13038 – mod_auth_mellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft
https://notcve.org/view.php?id=CVE-2019-13038
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. mod_auth_mellon hasta versión 0.14.2, presenta un problema de Redireccionamiento Abierto por medio de la subcadena login?ReturnTo=, como es demostrado al omitir el // después de http: en la URL de destino. • https://github.com/Uninett/mod_auth_mellon/issues/35#issuecomment-503974885 https://lists.debian.org/debian-lts-announce/2023/03/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5E3JVHURJJNDP63CKVX5O5MJAGCQV4K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XU5GVFZW3C2M4ZBL4F7UP7N24FNUCX4E https://usn.ubuntu.com/4291-1 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE- • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5834
https://notcve.org/view.php?id=CVE-2019-5834
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. La insuficiente validación de datos en Blink en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto realizara una falsificación de dominio a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/962368 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: • CWE-346: Origin Validation Error •