CVE-2019-19204 – oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c
https://notcve.org/view.php?id=CVE-2019-19204
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. • https://github.com/ManhNDd/CVE-2019-19204 https://github.com/tarantula-team/CVE-2019-19204 https://github.com/kkos/oniguruma/issues/162 https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2 https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL ht • CWE-125: Out-of-bounds Read •
CVE-2014-1936
https://notcve.org/view.php?id=CVE-2014-1936
rc before 1.7.1-5 insecurely creates temporary files. • http://www.openwall.com/lists/oss-security/2014/02/11/1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737125 https://security-tracker.debian.org/tracker/CVE-2014-1936 • CWE-20: Improper Input Validation •
CVE-2014-1935
https://notcve.org/view.php?id=CVE-2014-1935
9base 1:6-6 and 1:6-7 insecurely creates temporary files, which results in predictable filenames. • http://www.openwall.com/lists/oss-security/2014/02/11/1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737206 https://security-tracker.debian.org/tracker/CVE-2014-1935 • CWE-20: Improper Input Validation •
CVE-2014-0083
https://notcve.org/view.php?id=CVE-2014-0083
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0083 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-0083 https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a https://security-tracker.debian.org/tracker/CVE-2014-0083 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVE-2012-2350
https://notcve.org/view.php?id=CVE-2012-2350
pam_shield before 0.9.4: Default configuration does not perform protective action. • http://www.openwall.com/lists/oss-security/2012/05/12/3 https://access.redhat.com/security/cve/cve-2012-2350 https://security-tracker.debian.org/tracker/CVE-2012-2350 • CWE-20: Improper Input Validation •