CVSS: 7.8EPSS: 10%CPEs: 55EXPL: 0CVE-2019-9514 – Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9514
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Algunas implementaciones de HTTP / 2 son vulnerables a una inundación de reinicio, lo que puede conducir a una denegación de servicio. El atacante abre una... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 1%CPEs: 13EXPL: 1CVE-2019-3870
https://notcve.org/view.php?id=CVE-2019-3870
09 Apr 2019 — A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a s... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870 • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 89%CPEs: 9EXPL: 8CVE-2018-1160 – Netatalk 3.1.12 - Authentication Bypass (PoC)
https://notcve.org/view.php?id=CVE-2018-1160
20 Dec 2018 — Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. Netatalk, en versiones anteriores a la 3.1.12, es vulnerable a una escritura fuera de límites en dsi_opensess.c. Esto se debe a la falta de comprobación de límites de los datos controlados por el atacante. • https://packetstorm.news/files/id/150891 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-13281
https://notcve.org/view.php?id=CVE-2018-13281
31 Oct 2018 — Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. Vulnerabilidad de exposición de información en SYNO.Core.ACL en Synology DiskStation Manager (DSM) en versiones anteriores a la 6.2-23739-2 permite que usuarios autenticados remotos determinen la existencia y obtengan los metadatos de archivos arbitrarios mediante el pa... • https://www.synology.com/en-global/support/security/Synology_SA_18_36 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 17%CPEs: 24EXPL: 6CVE-2018-8897 – Microsoft Windows - 'POP/MOV SS' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-8897
08 May 2018 — A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, ... • https://packetstorm.news/files/id/148549 • CWE-250: Execution with Unnecessary Privileges CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 1%CPEs: 31EXPL: 0CVE-2018-7170 – Slackware Security Advisory - ntp Updates
https://notcve.org/view.php?id=CVE-2018-7170
01 Mar 2018 — ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. ntpd en ntp, en versiones 4.2.x anteriores a la 4.2.8p7 y versiones 4.3.x anteriores a la 4.3.92, permite que usuarios autenticados que conozcan la clave privada simétrica creen de for... • http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html •
CVSS: 7.5EPSS: 6%CPEs: 23EXPL: 0CVE-2018-7184 – Ubuntu Security Notice USN-3707-1
https://notcve.org/view.php?id=CVE-2018-7184
01 Mar 2018 — ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. ntpd en ntp, en versiones 4.2.8p4 anteriores a la 4.2.8p11, envía paquetes malos antes de actualizar la marca de tiempo "received"... • http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html •
CVSS: 7.5EPSS: 15%CPEs: 63EXPL: 0CVE-2018-7185 – Ubuntu Security Notice USN-3707-2
https://notcve.org/view.php?id=CVE-2018-7185
01 Mar 2018 — The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. El motor de protocolo en ntp, en versiones 4.2.6 anteriores a la 4.2.8p11, permite que atacantes remotos provoquen una denegación de servicio (interrupción) mediante el envío continuado de un paquete con una marc... • http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html •
CVSS: 5.6EPSS: 94%CPEs: 1467EXPL: 10CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
04 Jan 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have imp... • https://packetstorm.news/files/id/145645 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •