CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-1010239
https://notcve.org/view.php?id=CVE-2019-1010239
DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later. cJSON versión 1.7.8 de DaveGamble/cJSON, está afectada por: Comprobación Inapropiada de Condiciones Inusuales o Excepcionales. • https://github.com/DaveGamble/cJSON/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b https://github.com/DaveGamble/cJSON/issues/315 https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-476: NULL Pointer Dereference CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2019-0201 – zookeeper: Information disclosure in Apache ZooKeeper
https://notcve.org/view.php?id=CVE-2019-0201
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users. Hay un problema presente en Apache ZooKeeper 1.0.0 a 3.4.13 y 3.5.0-alpha a 3.5.4-beta. • http://www.securityfocus.com/bid/108427 https://access.redhat.com/errata/RHSA-2019:3140 https://access.redhat.com/errata/RHSA-2019:3892 https://access.redhat.com/errata/RHSA-2019:4352 https://issues.apache.org/jira/browse/ZOOKEEPER-1392 https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html&#x • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11835
https://notcve.org/view.php?id=CVE-2019-11835
cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments. cJSON, versiones anteriores a 1.7.11, permite el acceso fuera de límites, relacionado con los comentarios multilínea. • https://github.com/DaveGamble/cJSON/compare/c69134d...93688cb https://github.com/DaveGamble/cJSON/issues/338 https://github.com/DaveGamble/cJSON/releases/tag/v1.7.11 https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11834
https://notcve.org/view.php?id=CVE-2019-11834
cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal. cJSON, versiones anteriores a 1.7.11, permite el acceso fuera de límites, relacionado con \x00 en un literal de cadena. • https://github.com/DaveGamble/cJSON/compare/c69134d...93688cb https://github.com/DaveGamble/cJSON/issues/337 https://github.com/DaveGamble/cJSON/releases/tag/v1.7.11 https://www.oracle.com/security-alerts/cpuoct2020.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2018-15769
https://notcve.org/view.php?id=CVE-2018-15769
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used. RSA BSAFE Micro Edition Suite en versiones anteriores a la 4.0.11 (en la serie 4.0.x) y las versiones anteriores a la 4.1.6.2 (en la serie 4.1.x) contiene un problema de error de gestión clave. Un servidor TLS malicioso podría provocar una denegación de servicio (DoS) en los clientes TLS durante la negociación cuando un valor primo muy grande se envía al cliente TLS y se emplea una suite de cifrado Diffie-Hellman Ephemeral o Anonymous (DHE o ADH). • http://www.securityfocus.com/bid/105929 http://www.securitytracker.com/id/1042057 https://seclists.org/fulldisclosure/2018/Nov/37 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •