Page 22 of 139 results (0.137 seconds)

CVSS: 3.1EPSS: 0%CPEs: 37EXPL: 0

CVE-2019-2945 – OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573)

https://notcve.org/view.php?id=CVE-2019-2945

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://access.redhat.com/errata/RHSA-2019:3134 https://access.redhat.com/errata/RHSA-2019:3135 https://access.redhat.com/errata/RHSA-2019:3136 https://access.redhat.com/errata/RHSA-2019:3157 https&# •

CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0

CVE-2019-2983 – OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915)

https://notcve.org/view.php?id=CVE-2019-2983

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://access.redhat.com/errata/RHSA-2019:3134 https://access.redhat.com/errata/RHSA-2019:3135 https://access.redhat.com/errata/RHSA-2019:3136 https://access.redhat.com/errata/RHSA-2019:3157 https&# • CWE-248: Uncaught Exception •

CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0

CVE-2019-13118

https://notcve.org/view.php?id=CVE-2019-13118

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. En el archivo numbers.c en libxslt versión 1.1.33, un tipo que contiene caracteres de agrupación de una instrucción xsl:number era demasiado estrecho y una combinación de carácter/longitud no válida se podía ser pasada a la función xsltNumberFormatDecimal, conllevando a una lectura de los datos de pila no inicializados. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html http://seclists.org/fulldisclosure/2019/Aug/11 http://seclists.org/fulldisclosure/2019/Aug/13 http://seclists.org/fulldisclosure/2019/Aug/14 http://seclists.org/fulldisclosure/2019/Aug/15 http://seclists.org/fulldisclosure/2019/Jul/22 http://seclists.org/fulldisclosure/2019/Jul/23 http://seclists.org/fulldisclosure/2019/Jul/24 http://seclists.org/fulldisclosure/2019/Jul/26 http://seclists.org/fulldisclosur • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 9.8EPSS: 0%CPEs: 31EXPL: 0

CVE-2019-11068 – libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL

https://notcve.org/view.php?id=CVE-2019-11068

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. libxslt hasta la versión 1.1.33 permite omitir los mecanismos de protección debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso después de recibir el código de error -1. xsltCheckRead puede devolver -1 para una URL creada que no es realmente inválida y que se carga posteriormente. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html http://www.openwall.com/lists/oss-security/2019/04/22/1 http://www.openwall.com/lists/oss-security/2019/04/23/5 https • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

CVE-2019-0222 – activemq: Corrupt MQTT frame can cause broker shutdown

https://notcve.org/view.php?id=CVE-2019-0222

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. En Apache ActiveMQ, desde la versión 5.0.0 hasta la 5.15.8, la deserialización de una trama MQTT corrupta puede conducir a una excepción de bróker fuera de memoria, haciendo que no responda. • http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt http://www.openwall.com/lists/oss-security/2019/03/27/2 http://www.securityfocus.com/bid/107622 https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485%40%3Cdev.activemq.apache.org •