Page 64 of 425 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2019-14856 – ansible: Incomplete fix for CVE-2019-10206

https://notcve.org/view.php?id=CVE-2019-14856

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None ansible versiones anteriores a 2.8.6, 2.7.14, 2.6.20 es vulnerable a un None The fix for CVE-2019-10206 was found to be incomplete for the data disclosure flaw in ansible. Password prompts in ansible-playbook and ansible-cli tools could expose passwords with special characters as they are not properly wrapped. A password with special characters is exposed starting with the first of these special characters. The highest threat from this vulnerability is to data confidentiality. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html https://access.redhat.com/errata/RHSA-2020:0756 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14856 https://access.redhat.com/security/cve/CVE-2019-14856 https://bugzilla.redhat.com/show_bug.cgi?id=1760829 • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0

CVE-2019-17545

https://notcve.org/view.php?id=CVE-2019-17545

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. GDAL versiones hasta 3.0.1, presenta una vulnerabilidad de doble liberación de poolDestroy en la función OGRExpatRealloc en el archivo ogr/ogr_expat.cpp cuando se excede el umbral de 10 MB. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00022.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178 https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb https://lists.debian.org/debian-lts-announce/2019/11/msg00005.html https://lists.debian.org/debian-lts-announce/2022/01/msg00004.html https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message& • CWE-415: Double Free •

CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 2

CVE-2019-17455

https://notcve.org/view.php?id=CVE-2019-17455

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. Libntlm versiones hasta 1.5, se basa en un tamaño de búfer fijo para operaciones de lectura y escritura de las funciones tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge y tSmbNtlmAuthResponse, como es demostrado por una lectura excesiva de búfer en la región heap de la memoria en la función buildSmbNtlmAuthRequest en el archivo smbutil.c para una petición NTLM especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00032.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942145 https://gitlab.com/jas/libntlm/issues/2 https://lists.debian.org/debian-lts-announce/2020/05/msg00010.html https://lists.debian.org/debian-lts-announce/2021/11/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BVFO3OVJPMSGIXBKNOCVOJZ3UTGZQF5 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0

CVE-2019-14846 – ansible: secrets disclosed on logs when no_log enabled

https://notcve.org/view.php?id=CVE-2019-14846

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. En Ansible, todas las versiones de Ansible Engine hasta ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, se registraban en el nivel DEBUG, lo que conlleva a la divulgación de credenciales si un plugin usó una biblioteca que registraba credenciales en el nivel DEBUG. Este defecto no afecta a los módulos de Ansible, ya que son ejecutados en un proceso separado. Ansible was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html https://access.redhat.com/errata/RHSA-2019:3201 https://access.redhat.com/errata/RHSA-2019:3202 https://access.redhat.com/errata/RHSA-2019:3203 https://access.redhat.com/errata/RHSA-2019:3207 https://access.redhat.com/errata/RHSA-2020:0756 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846 https://github.com/ansible/ansible • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 1

CVE-2019-16709 – ImageMagick: memory leak in coders/dps.c

https://notcve.org/view.php?id=CVE-2019-16709

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. ImageMagick versión 7.0.8-35, presenta una pérdida de memoria en el archivo coders/dps.c, como es demostrado mediante la función XCreateImage. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html https://github.com/ImageMagick/ImageMagick/issues/1531 https://usn.ubuntu.com/4192-1 https://access.redhat.com/security/cve/CVE-2019-16709 https://bugzilla.redhat.com/show_bug.cgi?id=1801661 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •