CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 1CVE-2019-19906 – cyrus-sasl: denial of service in _sasl_add_string function
https://notcve.org/view.php?id=CVE-2019-19906
19 Dec 2019 — cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. cyrus-sasl (también se conoce como Cyrus SASL) versión 2.1.27, presenta una escritura fuera de límites conllevando a una denegación de servicio remota no autenticada en OpenLDAP por medio de un paquete LDAP malformado. El bloqueo de OpenLDAP es ca... • http://seclists.org/fulldisclosure/2020/Jul/23 • CWE-193: Off-by-one Error CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-2717
https://notcve.org/view.php?id=CVE-2011-2717
27 Nov 2019 — The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. El cliente DHCPv6 (dhcp6c) como se usado en el proyecto dhcpv6 hasta el 25/07/2011, permite a los servidores DHCP remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en un nombre de host obtenido desde un mensaje DHCP. • https://access.redhat.com/security/cve/cve-2011-2717 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 1CVE-2011-3632
https://notcve.org/view.php?id=CVE-2011-3632
26 Nov 2019 — Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. Hardlink versiones anteriores a 0.1.2, opera en nombres de ruta de objetos del sistema de archivos completo, lo que puede permitir a un atacante local usar este fallo para realizar ataques de tipo symlink. • https://access.redhat.com/security/cve/cve-2011-3632 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2011-3631
https://notcve.org/view.php?id=CVE-2011-3631
26 Nov 2019 — Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges. Hardlink versiones anteriores a 0.1.2, presenta múltiples desbordamientos de enteros que c... • https://access.redhat.com/security/cve/cve-2011-3631 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0CVE-2011-3630
https://notcve.org/view.php?id=CVE-2011-3630
26 Nov 2019 — Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable. Hardlink versiones anteriores a 0.1.2, sufre de múltiples fallos de desbordamiento de búfer en... • https://access.redhat.com/security/cve/cve-2011-3630 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2012-5644
https://notcve.org/view.php?id=CVE-2012-5644
25 Nov 2019 — libuser has information disclosure when moving user's home directory libuser, presenta una divulgación de información cuando se mueve el directorio de inicio de usuario. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2012-5630
https://notcve.org/view.php?id=CVE-2012-5630
25 Nov 2019 — libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees. libuser versiones 0.56 y 0.57, presenta una condición de carrera TOCTOU (de tiempo de comprobación y de tiempo de uso) cuando se copia y elimina árboles de directorios. • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102068.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2012-5521
https://notcve.org/view.php?id=CVE-2012-5521
25 Nov 2019 — quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal quagga (ospf6d) versión 0.99.21, presenta un fallo de tipo DoS en la manera en que el demonio ospf6d realiza la eliminación de rutas. • http://www.openwall.com/lists/oss-security/2012/11/13/14 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-0877
https://notcve.org/view.php?id=CVE-2012-0877
22 Nov 2019 — PyXML: Hash table collisions CPU usage Denial of Service PyXML: la CPU de colisiones de tablas hash usa una Denegación de Servicio • http://seclists.org/oss-sec/2014/q3/96 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 1%CPEs: 12EXPL: 1CVE-2019-14864 – Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
https://notcve.org/view.php?id=CVE-2019-14864
20 Nov 2019 — Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. Ansible, versiones 2.9.x anteriores a la versión 2.9.1, versiones 2.8.x anteriores a la versión 2.8.7 y Ansible versiones 2.7.x anteriores a la versión 2.7.15, no respeta el flag no_log, configurado en True cuando los... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •