Page 30 of 400 results (0.018 seconds)

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2019-1010319 – wavpack: Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS

https://notcve.org/view.php?id=CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe. • https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe https://github.com/dbry/WavPack/issues/68 https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX3J2JML5A7KC2B • CWE-369: Divide By Zero CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •

CVSS: 5.9EPSS: 1%CPEs: 22EXPL: 0

CVE-2019-12529 – squid: Out of bounds read in Proxy-Authorization header causes DoS

https://notcve.org/view.php?id=CVE-2019-12529

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html http://www.squid-cache.org/Versions/v4/changesets http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch https://github.com/squid-cache/squid/commits/v4 https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://lists • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 12%CPEs: 12EXPL: 0

CVE-2019-12525 – squid: parsing of header Proxy-Authentication leads to memory corruption

https://notcve.org/view.php?id=CVE-2019-12525

An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html http://www.squid-cache.org/Versions/v4/changesets http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch https://github.com/squid-cache/squid/commits/v4 https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://lists • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 0

CVE-2019-12527 – squid: heap-based buffer overflow in HttpHeader::getAuth

https://notcve.org/view.php?id=CVE-2019-12527

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data. Se detectó un problema en Squid versiones 4.0.23 hasta 4.7. Al comprobar la autenticación básica con la función HttpHeader::getAuth, Squid utiliza un búfer global para almacenar los datos descodificados. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html http://www.securityfocus.com/bid/109143 http://www.squid-cache.org/Versions/v4/changesets http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch https://access.redhat.com/errata/RHSA-2019:2593 https://github.com/squid-cache/squid/commits/v4 https://lists.fedoraproject.org/archives/list/package-announce%40li • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0

CVE-2019-12838

https://notcve.org/view.php?id=CVE-2019-12838

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. Slurm versiones 17.11.x, versiones 18.08.0 hasta 18.08.7, y versión 19.05.0 de SchedMD, permite la inyección SQL. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html https://lists.debian.org/debian-lts-announce/2020/03/msg00016.html https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2O47F72FWMYLEGF35QGNYY5VS33SUQS5 https://lists.fedoraproject.org • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •