CVSS: 5.5EPSS: 0%CPEs: 99EXPL: 1CVE-2019-9706
https://notcve.org/view.php?id=CVE-2019-9706
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (use-after-free and daemon crash) because of a force_rescan_user error. Vixie Cron, en versiones anteriores a la 3.0pl1-133 en el paquete Debian, permite a los usuarios locales provocar una denegación de servicio (uso de memoria previamente liberada y cierre inesperado del demonio) debido a un error de force_rescan_user. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809167 https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html https://packages.qa.debian.org/c/cron/news/20190311T170403Z.html https://salsa.debian.org/debian/cron/commit/40791b93 • CWE-416: Use After Free •
CVSS: 5.7EPSS: 0%CPEs: 10EXPL: 0CVE-2018-14662 – ceph: authenticated user with read only permissions can steal dm-crypt / LUKS key
https://notcve.org/view.php?id=CVE-2018-14662
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. En Ceph en versiones anteriores a la 13.2.4, se ha detectado que los usuarios ceph autenticados con permisos de solo lectura podrían robar las claves de cifrado dm-crypt empleadas durante el cifrado de disco ceph. It was found that authenticated ceph user with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html https://access.redhat.com/errata/RHSA-2019:2538 https://access.redhat.com/errata/RHSA-2019:2541 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662 https://ceph.com/releases/13-2-4-mimic-released https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html https://usn.ubuntu.com/4035-1 https://access.redhat.com/securi • CWE-285: Improper Authorization CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-16846 – ceph: ListBucket max-keys has no defined limit in the RGW codebase
https://notcve.org/view.php?id=CVE-2018-16846
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. Se ha detectado en Ceph, en versiones anteriores a la 13.2.4, que los usuarios ceph RGW autenticados pueden provocar una denegación de servicio (DoS) contra los índices OMAP de depósito de retención. A flaw was found in the way the ListBucket function max-keys has no defined limit in the RGW codebase. An authenticated ceph RGW user can cause a denial of service attack against OMAPs holding bucked indices. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html https://access.redhat.com/errata/RHSA-2019:2538 https://access.redhat.com/errata/RHSA-2019:2541 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16846 https://ceph.com/releases/13-2-4-mimic-released https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html https://usn.ubuntu.com/4035-1 https://access.redhat.com/securi • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19200
https://notcve.org/view.php?id=CVE-2018-19200
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. Se ha descubierto un problema en versiones anteriores a la 0.9.0 de uriparser. UriCommon.c permite el intento de operaciones en entradas NULL mediante una función uriResetUri*. • https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog https://github.com/uriparser/uriparser/commit/f58c25069cf4a986fe17a80c5b38687e31feb539 https://lists.debian.org/debian-lts-announce/2018/11/msg00019.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 114EXPL: 0CVE-2018-15756 – DoS Attack via Range Requests
https://notcve.org/view.php?id=CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. • http://www.securityfocus.com/bid/105703 https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/ • CWE-20: Improper Input Validation •