Page 151 of 3742 results (0.018 seconds)

CVSS: 9.8EPSS: 52%CPEs: 5EXPL: 1

CVE-2019-11500 – dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes

https://notcve.org/view.php?id=CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. En Dovecot versiones anteriores a 2.2.36.4 y versiones 2.3.x anteriores a 2.3.7.2 (y Pigeonhole versiones anteriores a 0.5.7.2), el procesamiento del protocolo puede fallar para cadenas entre comillas. Esto ocurre porque los caracteres '\0' se manejan inapropiadamente y pueden generar escrituras fuera de límites y ejecución de código remota. A flaw was found in dovecot. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html http://www.openwall.com/lists/oss-security/2019/08/28/3 https://access.redhat.com/errata/RHSA-2019:2822 https://access.redhat.com/errata/RHSA-2019:2836 https://access.redhat.com/errata/RHSA-2019:2885 https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-13273

https://notcve.org/view.php?id=CVE-2019-13273

In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter. En Xymon a través de 4.3.28, existe una vulnerabilidad de desbordamiento de búfer en el script CGI csvinfo. El desbordamiento se puede aprovechar enviando una solicitud GET creada que desencadena una sprintf del parámetro srcdb. • https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html • CWE-787: Out-of-bounds Write •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-13274

https://notcve.org/view.php?id=CVE-2019-13274

In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter. En Xymon a través de 4.3.28, existe una vulnerabilidad XSS en el script CGI csvinfo debido a un filtrado insuficiente del parámetro db. • https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/csvinfo.c https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-13451

https://notcve.org/view.php?id=CVE-2019-13451

In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c. En Xymon a través de 4.3.28, existe una vulnerabilidad de desbordamiento de búfer en history.c. • https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/history.c https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html https://lists.xymon.com/archive/2019-July/046570.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-13452

https://notcve.org/view.php?id=CVE-2019-13452

In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c. En Xymon a través de 4.3.28, existe una vulnerabilidad de desbordamiento de búfer en reportlog.c. • https://github.com/svn2github/xymon/blob/master/branches/4.3.28/web/reportlog.c https://lists.debian.org/debian-lts-announce/2019/08/msg00032.html https://lists.xymon.com/archive/2019-July/046570.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •