CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8739 – Apple Security Advisory 2019-9-26-7
https://notcve.org/view.php?id=CVE-2019-8739
29 Sep 2019 — A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution. Un problema de corrupción de memoria fue abordado mejorando la gestión del estado. Este problema es corregido en Xcode versión 11.0. • https://support.apple.com/HT210609 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8722 – Apple Security Advisory 2019-9-26-7
https://notcve.org/view.php?id=CVE-2019-8722
29 Sep 2019 — Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. Varios problemas en ld64 en las cadenas de herramientas Xcode fueron abordados mediante la actualización de la versión ld64-507.4. Este problema es corregido en Xcode versión 11.0. • https://support.apple.com/HT210609 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8724 – Apple Security Advisory 2019-9-26-7
https://notcve.org/view.php?id=CVE-2019-8724
29 Sep 2019 — Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. Varios problemas en ld64 en las cadenas de herramientas de Xcode fueron abordados mediante la actualización de la versión ld64-507.4. Este problema es corregido en Xcode versión 11.0. • https://support.apple.com/HT210609 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8723 – Apple Security Advisory 2019-9-26-7
https://notcve.org/view.php?id=CVE-2019-8723
29 Sep 2019 — Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. Varios problemas en ld64 en las cadenas de herramientas Xcode fueron abordados mediante la actualización de la versión ld64-507.4. Este problema es corregido en Xcode versión 11.0. • https://support.apple.com/HT210609 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 61EXPL: 0CVE-2019-14379 – jackson-databind: default typing mishandling leading to remote code execution
https://notcve.org/view.php?id=CVE-2019-14379
29 Jul 2019 — SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. El archivo SubTypeValidator.java en jackson-databind de FasterXML en versiones anteriores a la 2.9.9.2 maneja inapropiadamente la escritura predeterminada cuando se usa ehcache (debido a net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), lo que conlleva a la ejecuc... • http://seclists.org/fulldisclosure/2022/Mar/23 • CWE-502: Deserialization of Untrusted Data CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-4357
https://notcve.org/view.php?id=CVE-2018-4357
03 Apr 2019 — A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10. Un problema de corrupción de memoria se abordó con una validación de entradas mejorada. Este problema afectaba a Xcode en versiones anteriores a la 10. • https://support.apple.com/kb/HT209135 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 18EXPL: 0CVE-2019-3855 – libssh2: Integer overflow in transport read resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3855
19 Mar 2019 — An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que los paquetes se leen desde el servidor. Un atacan... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 3%CPEs: 9EXPL: 1CVE-2018-16843 – nginx: Excessive memory consumption via flaw in HTTP/2 implementation
https://notcve.org/view.php?id=CVE-2018-16843
07 Nov 2018 — nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx en versiones anteriores a la 1.15.6 y 1.14.1 tiene una vulnerabilidad en la implementación de HTTP/2 que puede permitir el consumo excesivo de memoria. Este problema afecta a nginx compilado con n... • https://github.com/flyniu666/ingress-nginx-0.21-1.19.5 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2018-16844 – nginx: Excessive CPU usage via flaw in HTTP/2 implementation
https://notcve.org/view.php?id=CVE-2018-16844
07 Nov 2018 — nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. nginx en versiones anteriores a la 1.15.6 y 1.14.1 tiene una vulnerabilidad en la implementación de HTTP/2 que puede permitir el uso excesivo de CPU. Este problema afecta a nginx compilado con ngx_http_v2_module... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.2EPSS: 0%CPEs: 10EXPL: 0CVE-2018-16845 – nginx: Denial of service and memory disclosure via mp4 module
https://notcve.org/view.php?id=CVE-2018-16845
07 Nov 2018 — nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to ... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •