CVSS: 10.0EPSS: 0%CPEs: 58EXPL: 0CVE-2019-5490
https://notcve.org/view.php?id=CVE-2019-5490
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed version of Service Processor firmware IMMEDIATELY. Ciertas versiones entre la 2.x y la 5.x (véase el advisory) del firmware de NetApp Service Processor se distribuían con una cuenta por defecto habilitada que podría permitir la ejecución no autorizada de comandos arbitrarios. Cualquier plataforma listada en la sección "impact" del advisory podría haberse visto afectada y debe actualizarse a una versión solucionada del firmware de Service Processor INMEDIATAMENTE. • http://support.lenovo.com/us/en/solutions/LEN-26771 https://security.netapp.com/advisory/ntap-20190305-0001 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2019-3856 – libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3856
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que se analizan las peticiones de comandos de teclado. Un atacante remoto que comprometa un servidor SSH podría ser capaz de ejecutar código en el sistema del cliente cuando un usuario se conecta al servidor. An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html https://access.redhat.com/errata/RHSA-2019:0679 https://access.redhat.com/errata/RHSA-2019:1175 https://access.redhat.com/errata/RHSA-2019:1652 https://access.redhat.com/errata/RHSA-2019:1791 https://access.redhat.com/errata/RHSA-2019:1943 https://access.redhat.com/errata/RHSA-2019:2399 https://bugzilla.redhat.com/show_bug.cgi?id&# • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2019-3857 – libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3857
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que se analizan los paquetes SSH_MSG_CHANNEL_REQUEST con una señal de salida. Un atacante remoto que comprometa un servidor SSH podría ser capaz de ejecutar código en el sistema del cliente cuando un usuario se conecta al servidor. An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html https://access.redhat.com/errata/RHSA-2019:0679 https://access.redhat.com/errata/RHSA-2019:1175 https://access.redhat.com/errata/RHSA-2019:1652 https://access.redhat.com/errata/RHSA-2019:1791 https://access.redhat.com/errata/RHSA-2019:1943 https://access.redhat.com/errata/RHSA-2019:2399 https://bugzilla.redhat.com/show_bug.cgi?id&# • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2019-3855 – libssh2: Integer overflow in transport read resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3855
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que los paquetes se leen desde el servidor. Un atacante remoto que comprometa un servidor SSH podría ser capaz de ejecutar código en el sistema del cliente cuando un usuario se conecta al servidor An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html http://seclists.org/fulldisclosure/2019/Sep/42 http://www.openwall.com/lists/oss-security/2019/03/18/3 http://www.securityfocus.com/bid/107485 https://access.redhat.com/errata/RHSA-2019:0679 https://access.redhat.com/errata/RHSA-2019:1175 https:// • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 1%CPEs: 5EXPL: 0CVE-2019-3861 – libssh2: Out-of-bounds reads with specially crafted SSH packets
https://notcve.org/view.php?id=CVE-2019-3861
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. Se ha descubierto un error de lectura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que se analizan los paquetes SSH con un valor de longitud de relleno mayor que el propio paquete. Un atacante remoto que comprometa un servidor SSH podría ser capaz de provocar una denegación de servicio o una lectura de datos en la memoria del cliente. An out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html https://access.redhat.com/errata/RHSA-2019:2136 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861 https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O https://seclists.org/bugtraq/2019/Apr/25 https://secu • CWE-125: Out-of-bounds Read •