
CVSS: 5.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. • https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt • CWE-908: Use of Uninitialized Resource

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

gpw generates shorter passwords than required. • http://www.openwall.com/lists/oss-security/2012/01/17/13 https://access.redhat.com/security/cve/cve-2011-4931 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651510 https://security-tracker.debian.org/tracker/CVE-2011-4931 • CWE-521: Weak Password Requirements

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

Asterisk allows calls on prohibited networks. • http://downloads.asterisk.org/pub/security/AST-2009-007.html https://access.redhat.com/security/cve/cve-2009-3723 https://security-tracker.debian.org/tracker/CVE-2009-3723 • CWE-863: Incorrect Authorization

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

paxtest handles temporary files insecurely. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598413 https://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3373.html https://security-tracker.debian.org/tracker/CVE-2010-3373 • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 18 • EXPL: 2

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. • https://github.com/pquerna/poc-dsa-verify-CVE-2019-17596 http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html https://access.redhat.com/errata/RHSA-2020:0101 https://access.redhat.com/errata/RHSA-2020:0329 https://github.com/golang/go/issues/34960 https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html https& • CWE-295: Improper Certificate Validation • CWE-436: Interpretation Conflict