Page 48 of 733 results (0.010 seconds)

CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 2

CVE-2019-17455

https://notcve.org/view.php?id=CVE-2019-17455

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. Libntlm versiones hasta 1.5, se basa en un tamaño de búfer fijo para operaciones de lectura y escritura de las funciones tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge y tSmbNtlmAuthResponse, como es demostrado por una lectura excesiva de búfer en la región heap de la memoria en la función buildSmbNtlmAuthRequest en el archivo smbutil.c para una petición NTLM especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00032.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942145 https://gitlab.com/jas/libntlm/issues/2 https://lists.debian.org/debian-lts-announce/2020/05/msg00010.html https://lists.debian.org/debian-lts-announce/2021/11/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BVFO3OVJPMSGIXBKNOCVOJZ3UTGZQF5 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0

CVE-2019-14846 – ansible: secrets disclosed on logs when no_log enabled

https://notcve.org/view.php?id=CVE-2019-14846

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. En Ansible, todas las versiones de Ansible Engine hasta ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, se registraban en el nivel DEBUG, lo que conlleva a la divulgación de credenciales si un plugin usó una biblioteca que registraba credenciales en el nivel DEBUG. Este defecto no afecta a los módulos de Ansible, ya que son ejecutados en un proceso separado. Ansible was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html https://access.redhat.com/errata/RHSA-2019:3201 https://access.redhat.com/errata/RHSA-2019:3202 https://access.redhat.com/errata/RHSA-2019:3203 https://access.redhat.com/errata/RHSA-2019:3207 https://access.redhat.com/errata/RHSA-2020:0756 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846 https://github.com/ansible/ansible • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2019-17042 – rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c

https://notcve.org/view.php?id=CVE-2019-17042

An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00032.html https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog https://github.com/rsyslog/rsyslog/pull/3883 https://lists.debian.org/debian-lts-announce/2021/11/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPNCHI7X2IEXRH6RYD6IDPR4PLB5RPC7 https://lists.fedoraproject.org/archives/list/package-announce%40lists& • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2019-17041 – rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c

https://notcve.org/view.php?id=CVE-2019-17041

An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. • https://github.com/Resery/CVE-2019-17041 http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00032.html https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog https://github.com/rsyslog/rsyslog/pull/3884 https://lists.debian.org/debian-lts-announce/2021/11/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPNCHI7X2IEXRH6RYD6IDPR4PLB5RPC7 https://lists.fed • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0

CVE-2019-17177

https://notcve.org/view.php?id=CVE-2019-17177

libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. El archivo libfreerdp/codec/region.c en FreeRDP versiones hasta 1.1.x y versiones 2.x hasta 2.0.0-rc4, presenta pérdidas de memoria porque un puntero realloc suministrado (es decir, el primer argumento para realloc) también es usado para un valor de retorno realloc. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a https://github.com/FreeRDP/FreeRDP/issues/5645 https://security.gentoo.org/glsa/202005-07 https://usn.ubuntu.com/4379-1 • CWE-401: Missing Release of Memory after Effective Lifetime •