CVSS: 8.6EPSS: 1%CPEs: 1EXPL: 1CVE-2019-11823
https://notcve.org/view.php?id=CVE-2019-11823
04 May 2020 — CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. Una vulnerabilidad de inyección de CRLF en Network Center en Synology Router Manager (SRM) versiones anteriores a la versión 1.2.3-8017-2, permite a atacantes remotos causar una denegación de servicio (lectura fuera de límites y bloqueo de aplicación) por medio de un tráfico de red dise... • https://www.synology.com/security/advisory/Synology_SA_20_11 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 2%CPEs: 3EXPL: 0CVE-2019-9502 – Broadcom wl driver is vulnerable to heap buffer overflow
https://notcve.org/view.php?id=CVE-2019-9502
03 Feb 2020 — The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. El controlador Broadcom wl WiFi es vulnerable a un desbordamiento... • https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 4%CPEs: 3EXPL: 1CVE-2019-9501 – Broadcom wl driver is vulnerable to heap buffer overflow
https://notcve.org/view.php?id=CVE-2019-9501
03 Feb 2020 — The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. El controlador Broadcom wl WiFi es vulnerable a un des... • https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 2%CPEs: 12EXPL: 0CVE-2019-19344 – Ubuntu Security Notice USN-4244-1
https://notcve.org/view.php?id=CVE-2019-19344
21 Jan 2020 — There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. Se presenta un problema de uso de la memoria previamente liberada en todas las versiones 4.9.x anteriores a 4.9.18 de samba, todas las versiones 4.10.x anteriores a 4.10.12 de samba y todas las versiones 4.11.x anteriores a 4.11.5 de samba, esencia... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 5%CPEs: 17EXPL: 0CVE-2019-14907 – samba: Crash after failed character conversion at log level 3 or above
https://notcve.org/view.php?id=CVE-2019-14907
21 Jan 2020 — All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client a... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 1%CPEs: 24EXPL: 0CVE-2019-9494 – The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks
https://notcve.org/view.php?id=CVE-2019-9494
17 Apr 2019 — The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. Las implementaciones SAE en hostapd y wpa_supplicant son vulnerables a los ataques de canal lateral (side ... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 4.3EPSS: 3%CPEs: 25EXPL: 0CVE-2019-9495 – The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
https://notcve.org/view.php?id=CVE-2019-9495
11 Apr 2019 — The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-203: Observable Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 8.1EPSS: 1%CPEs: 28EXPL: 0CVE-2019-9499 – The implementations of EAP-PWD in wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit
https://notcve.org/view.php?id=CVE-2019-9499
11 Apr 2019 — The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to a... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-287: Improper Authentication CWE-346: Origin Validation Error •
CVSS: 8.1EPSS: 1%CPEs: 28EXPL: 0CVE-2019-9498 – The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit
https://notcve.org/view.php?id=CVE-2019-9498
11 Apr 2019 — The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-287: Improper Authentication CWE-346: Origin Validation Error •
CVSS: 6.1EPSS: 1%CPEs: 13EXPL: 1CVE-2019-3870
https://notcve.org/view.php?id=CVE-2019-3870
09 Apr 2019 — A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a s... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3870 • CWE-276: Incorrect Default Permissions •