CVSS: 4.4EPSS: 0%CPEs: 32EXPL: 0CVE-2019-2614 – mysql: Server: Replication unspecified vulnerability (CPU Apr 2019)
https://notcve.org/view.php?id=CVE-2019-2614
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHSA-2019:2327 https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://access.redhat.com/errata/RHSA-2019:3708 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.o •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10691
https://notcve.org/view.php?id=CVE-2019-10691
The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. El codificador JSON en Dovecot versiones anteriores a 2.3.5.2 permite a los atacantes bloquear repetidamente el servicio de autenticación al intentar autenticarse con una secuencia UTF-8 no válida como nombre de usuario. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00000.html http://www.openwall.com/lists/oss-security/2019/04/18/3 https://dovecot.org/list/dovecot-news/2019-April/000406.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS https://security.gentoo.org/glsa/201908-29 •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2019-11474
https://notcve.org/view.php?id=CVE-2019-11474
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. coders/xwd.c en GraphicsMagick 1.3.31, permite a los atacantes causar una denegación de servicio (excepción en coma flotante y un cierre inesperado de la aplicación) al crear un archivo de imagen XWD, una vulnerabilidad diferente a CVE-2019-11008 y CVE-2019-11009. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html http://www.graphicsmagick.org/Changelog.html http://www.securityfocus.com/bid/108055 https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html htt • CWE-682: Incorrect Calculation CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 0CVE-2019-11459 – evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail()
https://notcve.org/view.php?id=CVE-2019-11459
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. Las funciones tiff_document_render() y tiff_document_get_thumbnail() en el backend de documentos TIFF en GNOME Evince hasta las versiones 3.32.0 no manejaron errores de TIFFReadRGBAImageOriented(), lo que llevó a un uso de memoria no inicializado cuando se procesaron ciertos archivos de imagen TIFF. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00089.html https://access.redhat.com/errata/RHSA-2019:3553 https://gitlab.gnome.org/GNOME/evince/issues/1129 https://lists.debian.org/debian-lts-announce/2019/08/msg00013.html https://lists.debian.org/debian-lts-announce/2019/08/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LU4YZK5S46TZAH4J3NYYUYFMOC47LJG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject • CWE-125: Out-of-bounds Read CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2019-11235 – freeradius: eap-pwd: authentication bypass via an invalid curve attack
https://notcve.org/view.php?id=CVE-2019-11235
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. FreeRADIUS versión anterior a 3.0.19 no maneja correctamente el mecanismo de protección "cada participante verifica que el escalar recibido está dentro de un rango, y que el elemento de grupo recibido es un punto válido en la curva que se está utilizando", alias "Dragonblood", este problema es similar a CVE-2019-9498 y CVE-2019-9499. A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user, without knowing the password. FreeRADIUS doesn't verify whether the received elliptic curve point is valid. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html https://access.redhat.com/errata/RHSA-2019:1131 https://access.redhat.com/errata/RHSA-2019:1142 https://bugzilla.redhat.com/show_bug.cgi?id=1695748 https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19 https://freeradius.org/security https://papers.math • CWE-345: Insufficient Verification of Data Authenticity •