Page 62 of 400 results (0.012 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2019-9705

https://notcve.org/view.php?id=CVE-2019-9705

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted. Vixie Cron, en versiones anteriores a la 3.0pl1-133 en el paquete Debian, permite a los usuarios locales provocar una denegación de servicio (consumo de memoria) debido a un número de líneas ilimitado. • http://www.securityfocus.com/bid/107378 https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DU7HAUAQR4E4AEBPYLUV6FZ4PHKH6A2 https://salsa.debian.org/debian/cron/commit/26814a26 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2019-9704

https://notcve.org/view.php?id=CVE-2019-9704

Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked. Vixie Cron, en versiones anteriores a la 3.0pl1-133 en el paquete Debian, permite a los usuarios locales provocar una denegación de servicio (cierre de demonio) mediante un archivo crontab largo debido a que el valor de retorno no se comprueba. • http://www.securityfocus.com/bid/107373 https://lists.debian.org/debian-lts-announce/2019/03/msg00025.html https://lists.debian.org/debian-lts-announce/2021/10/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DU7HAUAQR4E4AEBPYLUV6FZ4PHKH6A2 https://salsa.debian.org/debian/cron/commit/f2525567 • CWE-252: Unchecked Return Value CWE-476: NULL Pointer Dereference •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-9687

https://notcve.org/view.php?id=CVE-2019-9687

PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. PoDoFo, en su versión 0.9.6, tiene un desbordamiento de búfer basado en memoria dinámica (heap) en PdfString::ConvertUTF16toUTF8 en base/PdfString.cpp. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF https://sourceforge.net/p/podofo/code/1969 • CWE-787: Out-of-bounds Write •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2019-9658

https://notcve.org/view.php?id=CVE-2019-9658

Checkstyle before 8.18 loads external DTDs by default. Checkstyle, en versiones anteriores a la 8.18, carga DTD externas por defecto. • https://checkstyle.org/releasenotes.html#Release_8.18 https://github.com/checkstyle/checkstyle/issues/6474 https://github.com/checkstyle/checkstyle/issues/6478 https://github.com/checkstyle/checkstyle/pull/6476 https://lists.apache.org/thread.html/6bf8bbbca826e883f09ba40bc0d319350e1d6d4cf4df7c9e399b2699%40%3Ccommits.fluo.apache.org%3E https://lists.apache.org/thread.html/7eea10e7be4c21060cb1e79f6524c6e6559ba833b1465cd2870a56b9%40%3Cserver-dev.james.apache.org%3E https://lists.apache.org/thread.html/994221405e940e148adcfd9cb24ffc6700bed70c7820c55a22559d26 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 9.8EPSS: 1%CPEs: 41EXPL: 0

CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization

https://notcve.org/view.php?id=CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.securityfocus.com/bid/107400 https://access. • CWE-172: Encoding Error •