CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-9895 – Debian Security Advisory 4423-1
https://notcve.org/view.php?id=CVE-2019-9895
21 Mar 2019 — In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. En PuTTY, en versiones anteriores a la 0.71 en Unix, existe un desbordamiento de búfer desencadenable remotamente en cualquier tipo de redirección servidor-a-cliente. Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially b... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-9894 – Debian Security Advisory 4423-1
https://notcve.org/view.php?id=CVE-2019-9894
21 Mar 2019 — A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. Puede ocurrir una sobrescritura de memoria desencadenable remotamente en el intercambio de claves RSA en PuTTY, en versiones anteriores a la 0.71, antes de la verificación de claves del host. Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers co... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html • CWE-320: Key Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-5885
https://notcve.org/view.php?id=CVE-2019-5885
19 Mar 2019 — Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. Matrix Synapse, en versiones anteriores a la 0.34.0.1, cuando el parámetro de autenticación macaroon_secret_key no se establece, emplea un valor predecible para obtener una clave secreta y otros secretos, lo que podría permitir que los atacantes remotos suplanten usuarios. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32Y6KD3OAHCG5P33HC2QEX3NUZOSXCGZ • CWE-330: Use of Insufficiently Random Values •
CVSS: 9.1EPSS: 1%CPEs: 6EXPL: 0CVE-2019-3858 – libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read
https://notcve.org/view.php?id=CVE-2019-3858
19 Mar 2019 — An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Se ha descubierto un error de lectura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, cuando un paquete SFTP especialmente manipulado se recibe desde el servidor. Un atacante remoto que comprometa un servidor SSH podría ser capaz de provoca... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 1%CPEs: 8EXPL: 0CVE-2019-3859 – Slackware Security Advisory - libssh2 Updates
https://notcve.org/view.php?id=CVE-2019-3859
19 Mar 2019 — An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Se ha descubierto un error de lectura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en las funciones _libssh2_packet_require y _libssh2_packet_requirev. Un atacante remoto que comprometa un servidor SSH podría ser capaz de provocar u... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 5%CPEs: 5EXPL: 0CVE-2019-3862 – libssh2: Out-of-bounds memory comparison with specially crafted message channel request
https://notcve.org/view.php?id=CVE-2019-3862
19 Mar 2019 — An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Se ha descubierto un error de lectura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que se analizan los paquetes SSH_MSG_CHANNEL_REQUEST con un mensaje de estado de salida y sin carga útil... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-125: Out-of-bounds Read CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 9.3EPSS: 8%CPEs: 18EXPL: 0CVE-2019-3855 – libssh2: Integer overflow in transport read resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3855
19 Mar 2019 — An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que los paquetes se leen desde el servidor. Un atacan... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2018-18898 – Ubuntu Security Notice USN-4517-1
https://notcve.org/view.php?id=CVE-2018-18898
17 Mar 2019 — The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. La funcionalidad email-ingestion en Best Practical Request Tracker, desde la versión 4.1.3 hasta la 4.4 permite que los atacantes remotos provoquen una denegación de servicio mediante un ataque de complejidad algorítmica en el análisis de direcciones de correo electrónico. It was discovered that Email-Address-List does no... • https://bestpractical.com/download-page • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 3%CPEs: 14EXPL: 0CVE-2018-12022 – jackson-databind: improper polymorphic deserialization of types from Jodd-db library
https://notcve.org/view.php?id=CVE-2018-12022
17 Mar 2019 — An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. Se ha descubierto un problema en FasterXML jackson-databind, en versiones anteriores a la 2.7.9.4, 2.8.11.2 y 2.9.6. Cuando "Def... • http://www.securityfocus.com/bid/107585 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-6778 – QEMU: slirp: heap buffer overflow in tcp_emu()
https://notcve.org/view.php?id=CVE-2019-6778
17 Mar 2019 — In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. En QEMU 3.0.0, tcp_emu en slirp/tcp_subr.c tiene un desbordamiento de búfer basado en memoria dinámica (heap). A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating the Identification protocol and copying message data to a socket buffer. A user or process could use this flaw to crash the QEMU process on the host resulting in a DoS or potent... • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •