CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 1CVE-2019-3814 – dovecot: Improper certificate validation
https://notcve.org/view.php?id=CVE-2019-3814
05 Feb 2019 — It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Se ha descubierto que Dovecot, en versiones anteriores a la 2.2.36.1 y 2.3.4.1, gestiona de manera incorrecta los certificados del cliente. Un atacante remoto en posesión de un certificado válido con un campo "username" vacío podría emplear este problema para s... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-18360 – kernel: Division by zero in change_port_settings in drivers/usb/serial/io_ti.c resulting in a denial of service
https://notcve.org/view.php?id=CVE-2017-18360
31 Jan 2019 — In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates. En change_port_settings en drivers/usb/serial/io_ti.c en el kernel de Linux, en versiones anteriores a la 4.11.3, los usuarios locales podrían provocar una denegación de servicio (DoS) por medio de una división entre cero en la capa del dispositivo en serie intentando establecer tasas de baud... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6aeb75e6adfaed16e58780309613a578fe1ee90b • CWE-369: Divide By Zero •
CVSS: 9.3EPSS: 10%CPEs: 11EXPL: 2CVE-2019-3462 – Debian Security Advisory 4371-1
https://notcve.org/view.php?id=CVE-2019-3462
22 Jan 2019 — Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. El saneamiento incorrecto de un campo de redirección 302 en el método HTTP "transport" en apt, en versiones 1.4.8 y anteriores, puede conducir a la inyección de contenido por parte de un atacante MITM, lo que puede conducir a la ejecución remota de código en el equipo objetivo. Max Justi... • https://github.com/tonejito/check_CVE-2019-3462 •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2019-6133 – polkit: Temporary auth hijacking via PID reuse and non-atomic fork
https://notcve.org/view.php?id=CVE-2019-6133
11 Jan 2019 — In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. En PolicyKit (también conocido como polkit) 0.115, el mecanismo de protección "start time" puede omitirse debido a que fork() no es atómico y, por lo tanto, las decisiones de autorización se cachean incorrectamente. Esto está relacionado co... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 4%CPEs: 8EXPL: 1CVE-2019-6128 – Gentoo Linux Security Advisory 202003-25
https://notcve.org/view.php?id=CVE-2019-6128
11 Jan 2019 — The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. La función TIFFdOpen en tif_unix.c en LibTIFF 4.0.10 tiene una fuga de memoria, tal y como queda demostrado con pal2rgb. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user priv... • http://bugzilla.maptools.org/show_bug.cgi?id=2836 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 1CVE-2018-20544 – Ubuntu Security Notice USN-3860-1
https://notcve.org/view.php?id=CVE-2018-20544
28 Dec 2018 — There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. Hay un acceso de ESCRITURA ilegal en la memoria en common-image.c (función load_image) en libcaca 0.99.beta19 para los datos 4bpp. It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. It was discovered that libcaca incorrectly handled certain images. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html • CWE-369: Divide By Zero •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 2CVE-2018-20545
https://notcve.org/view.php?id=CVE-2018-20545
28 Dec 2018 — There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. Hay un acceso de ESCRITURA de memoria ilegal en common-image.c (en la función load_image) en los datos 4bpp de la versión 0.99.beta19 de libcaca. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 1CVE-2018-20546
https://notcve.org/view.php?id=CVE-2018-20546
28 Dec 2018 — There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. Hay un acceso de LECTURA ilegal en la memoria en caca/dither.c (función get_rgba_default) en libcaca 0.99.beta19 para el caso bpp por defecto. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 1%CPEs: 11EXPL: 1CVE-2018-20547
https://notcve.org/view.php?id=CVE-2018-20547
28 Dec 2018 — There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. Hay un acceso de LECTURA ilegal en la memoria en caca/dither.c (función get_rgba_default) en libcaca 0.99.beta19 para los datos 24bpp. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-20548 – Ubuntu Security Notice USN-3860-1
https://notcve.org/view.php?id=CVE-2018-20548
28 Dec 2018 — There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. Hay un acceso de ESCRITURA ilegal en la memoria en common-image.c (función load_image) en libcaca 0.99.beta19 para los datos 1bpp. It was discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. It was discovered that libcaca incorrectly handled certain images. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00033.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •