Page 12 of 580 results (0.013 seconds)

CVSS: 5.9EPSS: 0%CPEs: 73EXPL: 0

CVE-2019-2684 – OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)

https://notcve.org/view.php?id=CVE-2019-2684

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html http://www.openwall.com/lists/oss-security/2020/09/01/4 http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHBA-2019:0959 https://access.re •

CVSS: 9.8EPSS: 0%CPEs: 31EXPL: 0

CVE-2019-11068 – libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL

https://notcve.org/view.php?id=CVE-2019-11068

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. libxslt hasta la versión 1.1.33 permite omitir los mecanismos de protección debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso después de recibir el código de error -1. xsltCheckRead puede devolver -1 para una URL creada que no es realmente inválida y que se carga posteriormente. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html http://www.openwall.com/lists/oss-security/2019/04/22/1 http://www.openwall.com/lists/oss-security/2019/04/23/5 https • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1

CVE-2019-10903

https://notcve.org/view.php?id=CVE-2019-10903

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7, y 3.0.0, el disector DCERPC SPOOLSS podría cerrarse inesperadamente. Esto fue tratado en epan/disectores/packet-dcerpc-spoolss.c añadiendo una comprobación de límites. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=eafdcfa4b6d5187a5326442a82608ab03d9dddcb https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html https:/ • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1

CVE-2019-10901

https://notcve.org/view.php?id=CVE-2019-10901

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el disector LDSS podría cerrarse de forma inesperada. Esto fue tratado en epan/disectores/packet-ldsss.c mediante el manejo adecuado de los archivos de digest. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=cf801a25074f76dc3ae62d8ec53ace75f56ce2cd https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html https:/ • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1

CVE-2019-10899

https://notcve.org/view.php?id=CVE-2019-10899

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el disector SRVLOC podría fallar. Esto se abordó en epan/disectors/packet-srvloc.c evitando una lectura insuficiente del búfer basado en pilas. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b16fea2f175a3297edac118c8844c7987d31c1cb https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html https:/ • CWE-125: Out-of-bounds Read •