CVSS: 5.3EPSS: 0%CPEs: 18EXPL: 0CVE-2019-1551 – rsaz_512_sqr overflow bug on x86_64
https://notcve.org/view.php?id=CVE-2019-1551
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=419102400a2811582a7a3d4a4e317d72e5ce0a8f https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f1c5eea8a817075d31e43f5876993c6710238c98 https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messag • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1115
https://notcve.org/view.php?id=CVE-2012-1115
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en LDAP Account Manager (LAM) Pro versión 3.6, en los parámetros export, add_value_form y dn en el archivo cmd.php. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html http://www.openwall.com/lists/oss-security/2012/03/05/24 http://www.openwall.com/lists/oss-security/2012/03/12/1 http://www.openwall.com/lists/oss-security/2012/03/12/10 http://www.securityfocus.com/bid/52255 https://bugzilla.redhat.com&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1114
https://notcve.org/view.php?id=CVE-2012-1114
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en LDAP Account Manager (LAM) Pro versión 3.6, en el parámetro filter en el archivo cmd.php en una acción export y exporter_id y el parámetro filteruid en el archivo list.php. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html http://www.openwall.com/lists/oss-security/2012/03/05/24 http://www.openwall.com/lists/oss-security/2012/03/12/1 http://www.openwall.com/lists/oss-security/2012/03/12/10 http://www.securityfocus.com/bid/52255 https://bugzilla.redhat.com&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-1105
https://notcve.org/view.php?id=CVE-2012-1105
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner. Se presenta una vulnerabilidad de Divulgación de Información en el paquete Jasig Project php-pear-CAS versión 1.2.2 en el directorio /tmp. La biblioteca del cliente Central Authentication Service guarda el archivo de registro de depuración de manera no segura. • http://www.openwall.com/lists/oss-security/2012/03/05/7 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105 https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog https://security-tracker.debian.org/tracker/CVE-2012-1105 https://www.securityfocus.com/bid/52280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19579
https://notcve.org/view.php?id=CVE-2019-19579
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these "alternate" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html http://www.openwall.com/lists/oss-security/2019/12/05/7 http://xenbits.xen.org/xsa/advisory-306.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJYT5FNGM7JSVHHW6B22TSAATBOAPFPD https://seclists.org/bugtraq/2020/Jan/21 https://www.debian.org/security/2020/dsa-4602 https://www.openwall.com/lists/oss-security/2019/11/26/2 https://xenbits.xen.org/xsa/advisory-30 • CWE-20: Improper Input Validation •