
CVE-2018-4056 – Debian Security Advisory 4373-1
https://notcve.org/view.php?id=CVE-2018-4056
28 Jan 2019 — An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability. • https://lists.debian.org/debian-lts-announce/2019/02/msg00017.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-6977 – PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write
https://notcve.org/view.php?id=CVE-2019-6977
27 Jan 2019 — gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. • https://packetstorm.news/files/id/152459 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVE-2019-6799 – Ubuntu Security Notice USN-4639-1
https://notcve.org/view.php?id=CVE-2019-6799
26 Jan 2019 — An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls. • http://www.securityfocus.com/bid/106736

CVE-2019-3819 – Ubuntu Security Notice USN-4115-1
https://notcve.org/view.php?id=CVE-2019-3819
25 Jan 2019 — A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2018-20743 – Debian Security Advisory 4402-1
https://notcve.org/view.php?id=CVE-2018-20743
25 Jan 2019 — murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00045.html • CWE-20: Improper Input Validation

CVE-2019-6956 – Debian Security Advisory 5109-1
https://notcve.org/view.php?id=CVE-2019-6956
25 Jan 2019 — An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c. Multiple vulnerabilities have been discovered in the freeware Advanced Audio Decoder, which may result in denial of service or potentially the execution of arbitrary code if malformed media files are pro... • https://github.com/TeamSeri0us/pocs/blob/master/faad/global-buffer-overflow%40ps_mix_phase.md • CWE-125: Out-of-bounds Read

CVE-2017-18359 – openSUSE Security Advisory - openSUSE-SU-2022:10042-1
https://notcve.org/view.php?id=CVE-2017-18359
25 Jan 2019 — PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled. • https://lists.debian.org/debian-lts-announce/2019/01/msg00030.html • CWE-20: Improper Input Validation

CVE-2019-6690 – Python GnuPG 0.4.3 Improper Input Validation
https://notcve.org/view.php?id=CVE-2019-6690
25 Jan 2019 — python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. • https://packetstorm.news/files/id/151341 • CWE-20: Improper Input Validation

CVE-2019-6486 – Debian Security Advisory 4379-1
https://notcve.org/view.php?id=CVE-2019-6486
24 Jan 2019 — Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00042.html • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2019-6116 – Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-6116
23 Jan 2019 — In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this f... • https://packetstorm.news/files/id/151307