CVE-2019-9895
https://notcve.org/view.php?id=CVE-2019-9895
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDO3F267P347E6U2IILFCYW7JPTLCCES
• https://seclists.org/bugtraq/2019/Apr/6
• https://security.netapp.com/advisory/ntap-20190404-0001
• https://www.chiark.greenend.org
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-9894
https://notcve.org/view.php?id=CVE-2019-9894
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html
• https://lists.debian.org/debian-lts-announce/2019/04/msg00023.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDO3F267P347E6U2IILFCYW7JPTLCCES
• https://seclists.org/bugtraq/2019/Apr/6
• https://security.
• CWE-320: Key Management Errors
CVE-2019-3855 – libssh2: Integer overflow in transport read resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3855
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.
• http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html
• http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html
• http://seclists.org/fulldisclosure/2019/Sep/42
• http://www.openwall.com/lists/oss-security/2019/03/18/3
• http://www.securityfocus.com/bid/107485
• https://access.redhat.com/errata/RHSA-2019:0679
• https://access.redhat.com/errata/RHSA-2019:1175
• https://
• CWE-190: Integer Overflow or Wraparound
• CWE-787: Out-of-bounds Write
CVE-2019-3859
https://notcve.org/view.php?id=CVE-2019-3859
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory.
• http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00103.html
• http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html
• http://www.openwall.com/lists/oss-security/2019/03/18/3
• http://www.securityfocus.com/bid/107485
• https://bugzilla
• CWE-125: Out-of-bounds Read
CVE-2019-3862 – libssh2: Out-of-bounds memory comparison with specially crafted message channel request
https://notcve.org/view.php?id=CVE-2019-3862
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory.
• http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html
• http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html
• http://www.openwall.com/lists/oss-security/2019/03/18/3
• http://www.securityfocus.com/bid/107485
• https://access.redhat.com/errata/RHSA-2019:1884
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862
• https://lists.debian.org/debian-lts-announce/2019
• CWE-125: Out-of-bounds Read
• CWE-130: Improper Handling of Length Parameter Inconsistency