Page 107 of 733 results (0.034 seconds)

CVSS: 8.1EPSS: 0%CPEs: 28EXPL: 0

CVE-2019-9498 – The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit

https://notcve.org/view.php?id=CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. Las implementaciones del componente EAP-PWD en hostapd en EAP Server, cuando se construyen contra una biblioteca criptográfica sin comprobación explícita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ https://seclists.org/bugtraq& • CWE-287: Improper Authentication CWE-346: Origin Validation Error •

CVSS: 8.1EPSS: 0%CPEs: 28EXPL: 0

CVE-2019-9499 – The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit

https://notcve.org/view.php?id=CVE-2019-9499

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. Las implementaciones del componente EAP-PWD en wpa_supplicant EAP Peer, cuando se construyen contra una biblioteca criptográfica que carece de comprobación explícita en elementos importados, no comprueban los valores escalares y de elementos en EAP-pwd-Commit. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ https://seclists.org/bugtraq& • CWE-287: Improper Authentication CWE-346: Origin Validation Error •

CVSS: 9.8EPSS: 0%CPEs: 31EXPL: 0

CVE-2019-11068 – libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL

https://notcve.org/view.php?id=CVE-2019-11068

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. libxslt hasta la versión 1.1.33 permite omitir los mecanismos de protección debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso después de recibir el código de error -1. xsltCheckRead puede devolver -1 para una URL creada que no es realmente inválida y que se carga posteriormente. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html http://www.openwall.com/lists/oss-security/2019/04/22/1 http://www.openwall.com/lists/oss-security/2019/04/23/5 https • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1

CVE-2019-10903

https://notcve.org/view.php?id=CVE-2019-10903

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7, y 3.0.0, el disector DCERPC SPOOLSS podría cerrarse inesperadamente. Esto fue tratado en epan/disectores/packet-dcerpc-spoolss.c añadiendo una comprobación de límites. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=eafdcfa4b6d5187a5326442a82608ab03d9dddcb https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html https:/ • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1

CVE-2019-10901

https://notcve.org/view.php?id=CVE-2019-10901

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el disector LDSS podría cerrarse de forma inesperada. Esto fue tratado en epan/disectores/packet-ldsss.c mediante el manejo adecuado de los archivos de digest. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=cf801a25074f76dc3ae62d8ec53ace75f56ce2cd https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html https:/ • CWE-476: NULL Pointer Dereference •