CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2019-0201 – zookeeper: Information disclosure in Apache ZooKeeper
https://notcve.org/view.php?id=CVE-2019-0201
23 May 2019 — An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthentica... • http://www.securityfocus.com/bid/108427 • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 31EXPL: 0CVE-2019-11068 – libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL
https://notcve.org/view.php?id=CVE-2019-11068
10 Apr 2019 — libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. libxslt hasta la versión 1.1.33 permite omitir los mecanismos de protección debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso después de recibir el código de error -1. xsltCheckRead puede devolver -1 para una URL ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 4%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 7.5EPSS: 8%CPEs: 6EXPL: 0CVE-2018-5734 – A malformed request can trigger an assertion failure in badcache.c
https://notcve.org/view.php?id=CVE-2018-5734
16 Jan 2019 — While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2. Al gestionar un tipo concreto de paquete mal formado, BIND selecciona erróneamente un rcode SERVFAIL en lugar de un rcode FORMERR. Si la vista que se ... • http://www.securityfocus.com/bid/103189 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 4%CPEs: 16EXPL: 2CVE-2018-18065 – net-snmp 5.7.3 - (Authenticated) Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2018-18065
08 Oct 2018 — _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. _set_key en agent/helpers/table_container.c en Net-SNMP en versiones anteriores a la 5.8 tiene un error de excepción de puntero NULL que puede ser empleado por un atacante autenticado para provocar el cierre inesperado de la instancia de forma remota mediante un paque... • https://www.exploit-db.com/exploits/45547 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-18066 – net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-18066
08 Oct 2018 — snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. snmp_oid_compare en snmplib/snmp_api.c en Net-SNMP en versiones anteriores a la 5.8 tiene un error de excepción de puntero NULL que puede ser empleado por un atacante no autenticado para provocar el cierre inesperado de la instancia de forma remota mediante un paquete UD... • https://dumpco.re/blog/net-snmp-5.7.3-remote-dos • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 1095EXPL: 0CVE-2018-3693 – Kernel: speculative bounds check bypass store
https://notcve.org/view.php?id=CVE-2018-3693
10 Jul 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. Los sistemas con microprocesadores que emplean la ejecución especulativa y la predicción de ramas podría permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un desbordamiento de búfer especulativo y el análisis de canal lateral. ... • https://access.redhat.com/errata/RHSA-2018:2384 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 2%CPEs: 27EXPL: 0CVE-2017-7657 – jetty: HTTP request smuggling
https://notcve.org/view.php?id=CVE-2017-7657
26 Jun 2018 — In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrar... • http://www.securitytracker.com/id/1041194 • CWE-190: Integer Overflow or Wraparound CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-12538
https://notcve.org/view.php?id=CVE-2018-12538
22 Jun 2018 — In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. En Eclipse Jetty, desde la versión 9.4.0 hasta la 9.4.8, al emplear el FileSessionDataStore opcional provisto por Jetty para el almacenamiento persistente de detalles HttpSession, e... • http://www.securitytracker.com/id/1041194 • CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length CWE-384: Session Fixation •
CVSS: 3.1EPSS: 0%CPEs: 55EXPL: 0CVE-2017-10345 – OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)
https://notcve.org/view.php?id=CVE-2017-10345
19 Oct 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulne... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html • CWE-770: Allocation of Resources Without Limits or Throttling •