CVE-2019-8936
https://notcve.org/view.php?id=CVE-2019-8936
NTP through 4.2.8p12 has a NULL Pointer Dereference. • https://github.com/snappyJack/CVE-2019-8936 http://bugs.ntp.org/show_bug.cgi?id=3565 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html http://support.ntp.org/bin/view/Main/SecurityNotice https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP http • CWE-476: NULL Pointer Dereference •
CVE-2019-7317 – libpng: use-after-free in png_image_free in png.c
https://notcve.org/view.php?id=CVE-2019-7317
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html http://www.securityfocus.com/bid/108098 https:/ • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVE-2015-9281
https://notcve.org/view.php?id=CVE-2015-9281
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. • http://support.sas.com/kb/55/537.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20732
https://notcve.org/view.php?id=CVE-2018-20732
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. • http://www.securityfocus.com/bid/106648 https://support.sas.com/kb/63/391.html • CWE-502: Deserialization of Untrusted Data •
CVE-2018-20733
https://notcve.org/view.php?id=CVE-2018-20733
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. • http://support.sas.com/kb/62/987.html • CWE-611: Improper Restriction of XML External Entity Reference •