CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0CVE-2019-20388 – libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c
https://notcve.org/view.php?id=CVE-2019-20388
21 Jan 2020 — xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. La función xmlSchemaPreRun en el archivo xmlschemas.c en libxml2 versión 2.9.10, permite una pérdida de memoria de la función xmlSchemaValidateStream. A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.9EPSS: 1%CPEs: 15EXPL: 0CVE-2020-2585 – Gentoo Linux Security Advisory 202209-15
https://notcve.org/view.php?id=CVE-2020-2585
15 Jan 2020 — Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running san... • https://security.gentoo.org/glsa/202006-22 •
CVSS: 5.3EPSS: 1%CPEs: 37EXPL: 0CVE-2019-13118 – Apple Security Advisory 2019-7-22-5
https://notcve.org/view.php?id=CVE-2019-13118
01 Jul 2019 — In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. En el archivo numbers.c en libxslt versión 1.1.33, un tipo que contiene caracteres de agrupación de una instrucción xsl:number era demasiado estrecho y una combinación de carácter/longitud no válida se podía ser pasada a la función xsltNumberFormatDecimal, conllevan... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 31EXPL: 0CVE-2019-11068 – libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL
https://notcve.org/view.php?id=CVE-2019-11068
10 Apr 2019 — libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. libxslt hasta la versión 1.1.33 permite omitir los mecanismos de protección debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso después de recibir el código de error -1. xsltCheckRead puede devolver -1 para una URL ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 57EXPL: 1CVE-2019-7317 – libpng: use-after-free in png_image_free in png.c
https://notcve.org/view.php?id=CVE-2019-7317
04 Feb 2019 — png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. La función png_image_free en el archivo png.c en libpng versiones 1.6.x anteriores a 1.6.37, presenta un uso de la memoria previamente liberada porque la función png_image_free_function es llamada bajo png_safe_execute. It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 21EXPL: 0CVE-2018-2938
https://notcve.org/view.php?id=CVE-2018-2938
18 Jul 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 8.3EPSS: 0%CPEs: 19EXPL: 0CVE-2018-2942
https://notcve.org/view.php?id=CVE-2018-2942
18 Jul 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can r... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2018-2940 – JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)
https://notcve.org/view.php?id=CVE-2018-2940
18 Jul 2018 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized re... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 8.3EPSS: 1%CPEs: 21EXPL: 0CVE-2018-2941 – JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX)
https://notcve.org/view.php?id=CVE-2018-2941
18 Jul 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability ca... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 8.3EPSS: 1%CPEs: 20EXPL: 0CVE-2018-2964 – JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment)
https://notcve.org/view.php?id=CVE-2018-2964
18 Jul 2018 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can r... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •