CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 2CVE-2018-14550 – Slackware Security Advisory - libpng Updates
https://notcve.org/view.php?id=CVE-2018-14550
18 Apr 2019 — An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. Se detecto un problema en la decodificación PNM de terceros asociada con libpng versión 1.6.35. Es un desbordamiento de búfer en la región stack de la memoria en la función get_token en el archivo pnm2png.c en pnm2png. Multiple vulnerabilities have been found in libpng, the worst of which could result in a Denial of Service condition. • https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 5%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 9.1EPSS: 79%CPEs: 15EXPL: 40CVE-2018-10933 – libSSH - Authentication Bypass
https://notcve.org/view.php?id=CVE-2018-10933
17 Oct 2018 — A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. Se ha detectado una vulnerabilidad en la máquina de estado del lado del servidor de libssh en versiones anteriores a la 0.7.6 y 0.8.4. Un cliente malicioso podría crear canales sin realizar antes la autenticación, lo que resulta en un acceso no autorizado. USN-3795-1 fixed a vulnerability in libssh... • https://packetstorm.news/files/id/181227 • CWE-287: Improper Authentication CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2598
https://notcve.org/view.php?id=CVE-2018-2598
18 Jul 2018 — Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption). Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3469
https://notcve.org/view.php?id=CVE-2017-3469
24 Apr 2017 — Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security : Encryption). Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •