CVSS: 7.8EPSS: 58%CPEs: 19EXPL: 1CVE-2018-20843 – expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
https://notcve.org/view.php?id=CVE-2018-20843
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). En libexpat en Expat anterior a versión 2.2.7, una entrada XML incluyendo nombres XML que contienen una gran cantidad de "dos puntos", podría hacer que el analizador XML consuma una gran cantidad de recursos de RAM y CPU durante el procesamiento (lo suficiente como para ser utilizables en ataques de denegación de servicio) . It was discovered that the "setElementTypePrefix()" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226 https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes https://github.com/libexpat/libexpat/issues/186 https://github.com/libexpat/libexpat/pull/262 https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html https://lists.fedoraproject.org/archives/ • CWE-400: Uncontrolled Resource Consumption CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.4EPSS: 0%CPEs: 9EXPL: 0CVE-2019-12098
https://notcve.org/view.php?id=CVE-2019-12098
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. En el lado del cliente de Heimdal anterior de la versión 7.6.0, el fallo en la comprobación anónima del intercambio de claves PKINIT PA-PKINIT-KX permite un ataque de tipo man-in-the-middle. Este problema está en krb5_init_creds_step en lib/krb5/init_creds_pw.c. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf https://github.com/heimdal/heimdal/compare/3e58559...bbafe72 https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0 https:/&# •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2019-11627
https://notcve.org/view.php?id=CVE-2019-11627
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. gpg-key2ps en signing-party versión 1.1.x y 2.x anteriores a la 2.10-1 contiene una llamada de shell insegura que permite la inyección de shell a través de un ID de usuario. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00029.html https://bugs.debian.org/928256 https://lists.debian.org/debian-lts-announce/2019/05/msg00001.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3833 – openwsman: Infinite loop in process_connection() allows denial of service
https://notcve.org/view.php?id=CVE-2019-3833
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server. Openwsman, en versiones hasta e incluyendo la 2.6.9, es vulnerable a un bucle infinito en process_connection() al analizar peticiones HTTP especialmente manipuladas. Un atacante remoto no autenticado podría explotar esta vulnerabilidad enviando una petición HTTP especialmente manipulada para provocar una denegación de servicio (DoS) en el servidor openwsman. • http://bugzilla.suse.com/show_bug.cgi?id=1122623 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html http://www.securityfocus.com/bid/107367 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3833 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2019-3816 – openwsman: Disclosure of arbitrary files outside of the registered URIs
https://notcve.org/view.php?id=CVE-2019-3816
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. Openwsman, en versiones hasta e incluyendo la 2.6.9, es vulnerable a una divulgación de archivos arbitrarios debido a que el directorio de trabajo del demonio openwsmand se establecía en el directorio root. Un atacante remoto no autenticado podría explotar esta vulnerabilidad enviando una petición HTTP especialmente manipulada al servidor openwsman. • http://bugzilla.suse.com/show_bug.cgi?id=1122623 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html http://www.securityfocus.com/bid/107368 http://www.securityfocus.com/bid/107409 https://access.redhat.com/errata/RHSA-2019:0638 https://access.redhat.com/errata/RHSA-2019:0972 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3816 https://lists.fedoraproject.org/archives/list/package& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •