CVE-2019-17455
https://notcve.org/view.php?id=CVE-2019-17455
Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.
• http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00029.html
• http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00032.html
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942145
• https://gitlab.com/jas/libntlm/issues/2
• https://lists.debian.org/debian-lts-announce/2020/05/msg00010.html
• https://lists.debian.org/debian-lts-announce/2021/11/msg00026.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BVFO3OVJPMSGIXBKNOCVOJZ3UTGZQF5
• CWE-125: Out-of-bounds Read
CVE-2019-14846 – ansible: secrets disclosed on logs when no_log enabled
https://notcve.org/view.php?id=CVE-2019-14846
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, and ansible-engine 2.6.19 were logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
• https://access.redhat.com/errata/RHSA-2019:3201
• https://access.redhat.com/errata/RHSA-2019:3202
• https://access.redhat.com/errata/RHSA-2019:3203
• https://access.redhat.com/errata/RHSA-2019:3207
• https://access.redhat.com/errata/RHSA-2020:0756
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846
• https://github.com/ansible/ansible
• CWE-117: Improper Output Neutralization for Logs
• CWE-532: Insertion of Sensitive Information into Log File
CVE-2019-11779
https://notcve.org/view.php?id=CVE-2019-11779
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html
• https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160
• https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7
• https:
• CWE-674: Uncontrolled Recursion
• CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2019-16159
https://notcve.org/view.php?id=CVE-2019-16159
BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.
• http://bird.network.cz
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00063.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00065.html
• http://trubka.network.cz/pipermail/bird-users/2019-September/013718.html
• http://trubka.network.cz/pipermail/bird-users/2019-September/013720.html
• http://trubka.network.cz/pipermail/bird-users/2019-September/013722.html
• https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b
• https://gitlab.labs.nic.cz/l
• CWE-787: Out-of-bounds Write
CVE-2016-10937
https://notcve.org/view.php?id=CVE-2016-10937
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.
• http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00042.html
• http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00002.html
• https://bugs.debian.org/939702
• https://github.com/lefcha/imapfilter/issues/142
• https://lists.debian.org/debian-lts-announce/2019/10/msg00040.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBNDFMAIUA6PQMV2P6OKIP7JZQEWX7D2
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQ
• CWE-295: Improper Certificate Validation