CVE-2019-16378
https://notcve.org/view.php?id=CVE-2019-16378
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. • http://www.openwall.com/lists/oss-security/2019/09/17/2 https://bugs.debian.org/940081 https://github.com/trusteddomainproject/OpenDMARC/pull/48 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEWDFGRKQHIWKFZH5BNWQDGUPNR7VH3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUBIHJLMPMB6KHOSGDMUQKSAW4HOCYM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7RT6ID7MBCEPNZEIUKK2TZIOCYPJR6E https://seclists& • CWE-290: Authentication Bypass by Spoofing •
CVE-2019-12922 – phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-12922
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. phpMyAdmin version 4.9.0.1 suffers from a cross-site request forgery vulnerability. • https://www.exploit-db.com/exploits/47385 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html http://seclists.org/fulldisclosure/2019/Sep/23 https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161 https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b https://lists.fed • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-16235
https://notcve.org/view.php?id=CVE-2019-16235
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. • http://www.openwall.com/lists/oss-security/2019/09/12/5 https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930 https://gultsch.de/dino_multiple.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5TMGQ5Q6QMIFG4NVUWMOWW3GIPGWQZVF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZBNQAOBWTIOKNO4PIYNX624ACGUXSXQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YUBM7GDZBB6MZZALDWYRAPNV6HJNLNMC h • CWE-346: Origin Validation Error •
CVE-2019-16236
https://notcve.org/view.php?id=CVE-2019-16236
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. • http://www.openwall.com/lists/oss-security/2019/09/12/5 https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9 https://gultsch.de/dino_multiple.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5TMGQ5Q6QMIFG4NVUWMOWW3GIPGWQZVF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZBNQAOBWTIOKNO4PIYNX624ACGUXSXQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YUBM7GDZBB6MZZALDWYRAPNV6HJNLNMC h • CWE-862: Missing Authorization •
CVE-2019-16237
https://notcve.org/view.php?id=CVE-2019-16237
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. • http://www.openwall.com/lists/oss-security/2019/09/12/5 https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363 https://gultsch.de/dino_multiple.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5TMGQ5Q6QMIFG4NVUWMOWW3GIPGWQZVF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZBNQAOBWTIOKNO4PIYNX624ACGUXSXQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YUBM7GDZBB6MZZALDWYRAPNV6HJNLNMC h • CWE-346: Origin Validation Error •