CVSS: 6.1EPSS: 58%CPEs: 6EXPL: 0CVE-2019-6341 – Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004
https://notcve.org/view.php?id=CVE-2019-6341
26 Mar 2019 — In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability. En Drupal 7, en versiones anteriores a la 7.65; Drupal 8.6, en versiones anteriores a la 8.6.13 y Drupal 8.5, en versiones anteriores a la 8.5.14. En ciertas condiciones, el módulo/subsistema File permite que un usuario malicioso suba un archivo q... • https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 15EXPL: 0CVE-2019-3835 – ghostscript: superexec operator is available (700585)
https://notcve.org/view.php?id=CVE-2019-3835
22 Mar 2019 — It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Se ha observado que el operador superexec estaba disponible en el diccionario interno en ghostscript en las versiones anteriores a la 9.27. Un archivo PostScript especialmente manipulado podría explotar este error, por ejemplo, para obtener ac... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html • CWE-648: Incorrect Use of Privileged APIs CWE-862: Missing Authorization •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2019-3838 – ghostscript: forceput in DefineResource is still accessible (700576)
https://notcve.org/view.php?id=CVE-2019-3838
22 Mar 2019 — It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Se ha observado que el operador forceput podía ser extraído del método DefineResource en ghostscript en las versiones anteriores a la 9.27. Un archivo PostScript especialmente manipulado podría explotar este error, por ejemplo, para ob... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2CVE-2019-3871 – Debian Security Advisory 4424-1
https://notcve.org/view.php?id=CVE-2019-3871
21 Mar 2019 — A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response Se ha descubierto... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00022.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 2CVE-2019-9903 – poppler: stack consumption in function Dict::find() in Dict.cc
https://notcve.org/view.php?id=CVE-2019-9903
21 Mar 2019 — PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. PDFDoc::markObject en PDFDoc.cc en Poppler 0.74.0 gestiona de manera incorrecta el marcado de diccionarios, que conduce al consumo de pila en la función Dict::find() en Dict.cc, que puede (por ejemplo) desencadenarse pasando un archivo pdf manipulado al binario pdfuni... • http://www.securityfocus.com/bid/107560 • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 4%CPEs: 7EXPL: 0CVE-2019-9898 – Debian Security Advisory 4423-1
https://notcve.org/view.php?id=CVE-2019-9898
21 Mar 2019 — Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. Existe el reciclado potencial de números aleatorios empleados en criptografía en PuTTY, en versiones anteriores a la 0.71. Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be re-used. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2019-9897 – Debian Security Advisory 4423-1
https://notcve.org/view.php?id=CVE-2019-9897
21 Mar 2019 — Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. Existen múltiples ataques de denegación de servicio (DoS) que pueden desencadenarse escribiendo en la terminal en PuTTY, en versiones anteriores a la 0.71. Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be re-used. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-9895 – Debian Security Advisory 4423-1
https://notcve.org/view.php?id=CVE-2019-9895
21 Mar 2019 — In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. En PuTTY, en versiones anteriores a la 0.71 en Unix, existe un desbordamiento de búfer desencadenable remotamente en cualquier tipo de redirección servidor-a-cliente. Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially b... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-9894 – Debian Security Advisory 4423-1
https://notcve.org/view.php?id=CVE-2019-9894
21 Mar 2019 — A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. Puede ocurrir una sobrescritura de memoria desencadenable remotamente en el intercambio de claves RSA en PuTTY, en versiones anteriores a la 0.71, antes de la verificación de claves del host. Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers co... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html • CWE-320: Key Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-5885
https://notcve.org/view.php?id=CVE-2019-5885
19 Mar 2019 — Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. Matrix Synapse, en versiones anteriores a la 0.34.0.1, cuando el parámetro de autenticación macaroon_secret_key no se establece, emplea un valor predecible para obtener una clave secreta y otros secretos, lo que podría permitir que los atacantes remotos suplanten usuarios. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32Y6KD3OAHCG5P33HC2QEX3NUZOSXCGZ • CWE-330: Use of Insufficiently Random Values •