CVSS: 7.8EPSS: 4%CPEs: 43EXPL: 0CVE-2019-9517 – Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9517
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Algunas implementaciones HT... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 3%CPEs: 35EXPL: 0CVE-2019-9518 – Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9518
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 10%CPEs: 55EXPL: 0CVE-2019-9514 – Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9514
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Algunas implementaciones de HTTP / 2 son vulnerables a una inundación de reinicio, lo que puede conducir a una denegación de servicio. El atacante abre una... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 11%CPEs: 10EXPL: 2CVE-2019-9169 – glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read
https://notcve.org/view.php?id=CVE-2019-9169
26 Feb 2019 — In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. En la biblioteca GNU C (también conocida como glibc o libc6), hasta la versión 2.29, proceed_next_node en posix/regexec.c tiene una sobrelectura de búfer basada en memoria dinámica (heap) mediante un intento de coincidencia de expresiones regulares que no distinguen entre mayúsculas y minúsculas. Red Hat Advanced Cluster Ma... • http://www.securityfocus.com/bid/107160 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 5%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 7.0EPSS: 0%CPEs: 55EXPL: 1CVE-2019-6454 – systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash
https://notcve.org/view.php?id=CVE-2019-6454
18 Feb 2019 — An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). Se ha descubierto un problema en sd-bus en... • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 9%CPEs: 30EXPL: 0CVE-2018-18311 – perl: Integer overflow leading to buffer overflow in Perl_my_setenv()
https://notcve.org/view.php?id=CVE-2018-18311
30 Nov 2018 — Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0.x anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of se... • http://seclists.org/fulldisclosure/2019/Mar/49 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 6%CPEs: 52EXPL: 7CVE-2017-1000366 – Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000366
19 Jun 2017 — glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. Glibc contiene una vulnerabilidad que permite que los valores LD_LIBRARY_PATH esp... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 12%CPEs: 18EXPL: 1CVE-2016-4447 – libxml2: Heap-based buffer underreads due to xmlParseName
https://notcve.org/view.php?id=CVE-2016-4447
27 May 2016 — The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. La función xmlParseElementDecl en parser.c en libxml2 en versiones anteriores a 2.9.4 permite a atacantes dependientes del contexto provocar una denegación de servicio (underread basado en memoria dinámica y caída de aplicación) a través de un archivo manipulado, con la participació... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 2%CPEs: 42EXPL: 0CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
27 May 2016 — Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an atta... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-134: Use of Externally-Controlled Format String •