CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-19270
https://notcve.org/view.php?id=CVE-2019-19270
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server. Se detectó un problema en la función tls_verify_crl en ProFTPD versiones hasta 1.3.6b. Un fallo en la comprobación del campo apropiado de una entrada de CRL (verificando dos veces por tema, en lugar de una vez por tema y una vez por emisor), impide tener en cuenta algunas CRL válidas y puede permitir que clientes cuyos certificados han sido revocados continúen con una conexión en el servidor. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html https://github.com/proftpd/proftpd/issues/859 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGBBCPLJSDPFG5EI5P5G7P4KEX7YSD5G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QR65XUHPCRU3NXTSFVF2J4GWRIHC7AHW • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-13723 – chromium-browser: use-after-free in bluetooth
https://notcve.org/view.php?id=CVE-2019-13723
Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en WebBluetooth en Google Chrome versiones anteriores a 78.0.3904.108, permitió a un atacante remoto, que había comprometido el proceso del renderizador, explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html https://access.redhat.com/errata/RHSA-2019:3955 https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html https://crbug.com/1024121 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54XWRJ5LDFL27QXBPIBX3EHO4TPMKN4R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/USW7PGIHNPE6W3LGY6ZDFLELQGSL52CH https://security.gentoo.org/glsa/202003- • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 45%CPEs: 8EXPL: 1CVE-2019-11287 – RabbitMQ Web Management Plugin DoS via heap overflow
https://notcve.org/view.php?id=CVE-2019-11287
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. Pivotal RabbitMQ, versiones 3.7.x anteriores a 3.7.21 y versiones 3.8.x anteriores a 3.8.1, y RabbitMQ para Pivotal Platform, versiones 1.16.x anteriores a 1.16.7 y versiones 1.17.x versiones anteriores a 1.17.4, contienen un plugin de administración web que es vulnerable a un ataque de denegación de servicio. El encabezado "X-Reason" de HTTP puede ser aprovechado para insertar una cadena de formato Erlang maliciosa que expandirá y consumirá la pila, resultando en el bloqueo del servidor. A resource-consumption flaw was identified in the rabbitmq-server web management plugin. • https://access.redhat.com/errata/RHSA-2020:0078 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4 https://pivotal.io/security/cve-2 • CWE-20: Improper Input Validation CWE-134: Use of Externally-Controlled Format String CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-18622
https://notcve.org/view.php?id=CVE-2019-18622
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. Se detectó un problema en phpMyAdmin versiones anteriores a 4.9.2. Se puede utilizar un nombre de base de datos/tabla diseñado para desencadenar un ataque de inyección SQL por medio de la funcionalidad designer. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH https://security.gentoo.org/glsa/202003-39 https://www.phpmyadmin.net/security/PMASA-2019-5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 3CVE-2019-19203 – oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
https://notcve.org/view.php?id=CVE-2019-19203
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. Se detectó un problema en Oniguruma versiones 6.x anteriores a 6.9.4_rc2. En la función gb18030_mbc_enc_len en el archivo gb18030.c, un puntero UChar es desreferenciado sin comprobar si pasó el final de la cadena coincidente. • https://github.com/ManhNDd/CVE-2019-19203 https://github.com/tarantula-team/CVE-2019-19203 https://github.com/kkos/oniguruma/issues/163 https://github.com/kkos/oniguruma/releases/tag/v6.9.4_rc2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL https://access.redhat.com/security/cve/CVE-2019-19203 https://bu • CWE-125: Out-of-bounds Read •