CVSS: 9.1EPSS: 1%CPEs: 8EXPL: 0CVE-2019-3859 – Slackware Security Advisory - libssh2 Updates
https://notcve.org/view.php?id=CVE-2019-3859
19 Mar 2019 — An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Se ha descubierto un error de lectura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en las funciones _libssh2_packet_require y _libssh2_packet_requirev. Un atacante remoto que comprometa un servidor SSH podría ser capaz de provocar u... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 8%CPEs: 18EXPL: 0CVE-2019-3855 – libssh2: Integer overflow in transport read resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3855
19 Mar 2019 — An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que los paquetes se leen desde el servidor. Un atacan... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 16EXPL: 0CVE-2019-3856 – libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3856
19 Mar 2019 — An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que se analizan las peticiones de comandos de te... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 16EXPL: 0CVE-2019-3857 – libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3857
19 Mar 2019 — An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que se analizan los paq... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2018-18898 – Ubuntu Security Notice USN-4517-1
https://notcve.org/view.php?id=CVE-2018-18898
17 Mar 2019 — The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. La funcionalidad email-ingestion en Best Practical Request Tracker, desde la versión 4.1.3 hasta la 4.4 permite que los atacantes remotos provoquen una denegación de servicio mediante un ataque de complejidad algorítmica en el análisis de direcciones de correo electrónico. It was discovered that Email-Address-List does no... • https://bestpractical.com/download-page • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 1CVE-2018-19872 – qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp
https://notcve.org/view.php?id=CVE-2018-19872
15 Mar 2019 — An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. Se ha descubierto un problema en Qt 5.11. Una imagen PPM mal formada provoca una división entre cero y un cierre inesperado en qppmhandler.cpp. It was discovered that Qt incorrectly handled certain PPM images. • http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2019-3833 – openwsman: Infinite loop in process_connection() allows denial of service
https://notcve.org/view.php?id=CVE-2019-3833
14 Mar 2019 — Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server. Openwsman, en versiones hasta e incluyendo la 2.6.9, es vulnerable a un bucle infinito en process_connection() al analizar peticiones HTTP especialmente manipuladas. Un atacante remoto no autenticado podría explotar... • http://bugzilla.suse.com/show_bug.cgi?id=1122623 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2019-3816 – openwsman: Disclosure of arbitrary files outside of the registered URIs
https://notcve.org/view.php?id=CVE-2019-3816
14 Mar 2019 — Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. Openwsman, en versiones hasta e incluyendo la 2.6.9, es vulnerable a una divulgación de archivos arbitrarios debido a que el directorio de trabajo del demonio openwsmand se establecía en el directorio root. Un at... • http://bugzilla.suse.com/show_bug.cgi?id=1122623 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 3%CPEs: 4EXPL: 0CVE-2019-9658
https://notcve.org/view.php?id=CVE-2019-9658
11 Mar 2019 — Checkstyle before 8.18 loads external DTDs by default. Checkstyle, en versiones anteriores a la 8.18, carga DTD externas por defecto. • https://checkstyle.org/releasenotes.html#Release_8.18 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 1%CPEs: 41EXPL: 0CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization
https://notcve.org/view.php?id=CVE-2019-9636
08 Mar 2019 — Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed c... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html • CWE-172: Encoding Error •