CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 1CVE-2019-14864 – Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
https://notcve.org/view.php?id=CVE-2019-14864
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. Ansible, versiones 2.9.x anteriores a la versión 2.9.1, versiones 2.8.x anteriores a la versión 2.8.7 y Ansible versiones 2.7.x anteriores a la versión 2.7.15, no respeta el flag no_log, configurado en True cuando los plugins de devolución de llamada Sumologic y Splunk son usados para enviar eventos de resultados de tareas para coleccionistas. Esto revelaría y recolectaría cualquier información confidencial. A data disclosure flaw was found in Ansible when using the Splunk and Sumologic modules, as they are not respecting when the flag no_log is enabled. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864 https://github.com/ansible/ansible/issues/63522 https://github.com/ansible/ansible/pull/63527 https://www.debian.org/security/2021/dsa-4950 https://access.redhat.com/security/cve/CVE-2019-14864 https://bugzilla.redhat.com/show_bug.cgi?id=1764148 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2013-6461
https://notcve.org/view.php?id=CVE-2013-6461
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits La gema Nokogiri versiones 1.5.x y 1.6.x, tienebn una DoS durante el análisis de entidades XML al fallar para aplicar límites. • http://www.openwall.com/lists/oss-security/2013/12/27/2 http://www.securityfocus.com/bid/64513 https://access.redhat.com/security/cve/cve-2013-6461 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461 https://exchange.xforce.ibmcloud.com/vulnerabilities/90059 https://security-tracker.debian.org/tracker/CVE-2013-6461 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2013-6460
https://notcve.org/view.php?id=CVE-2013-6460
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents La gema Nokogiri versiones 1.5.x, tiene una Denegación de Servicio por medio de un bucle infinito cuando se analizan documentos XML. • http://www.openwall.com/lists/oss-security/2013/12/27/2 http://www.securityfocus.com/bid/64513 https://access.redhat.com/security/cve/cve-2013-6460 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460 https://exchange.xforce.ibmcloud.com/vulnerabilities/90058 https://security-tracker.debian.org/tracker/CVE-2013-6460 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2013-2255
https://notcve.org/view.php?id=CVE-2013-2255
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. HTTPSConnections en OpenStack Keystone versión 2013, OpenStack Compute versión 2013.1 y posiblemente otros componentes de OpenStack, no pueden comprobar los certificados SSL del lado del servidor. • https://access.redhat.com/security/cve/cve-2013-2255 https://bugs.launchpad.net/ossn/+bug/1188189 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255 https://exchange.xforce.ibmcloud.com/vulnerabilities/85562 https://security-tracker.debian.org/tracker/CVE-2013-2255 https://www.securityfocus.com/bid/61118 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 95EXPL: 0CVE-2019-0820 – dotnet: timeouts for regular expressions are not enforced
https://notcve.org/view.php?id=CVE-2019-0820
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. Existe una vulnerabilidad de Denegación de Servicio (DoS) cuando .NET Framework y .NET Core procesan inapropiadamente cadenas RegEx, conocidas como ".NET Framework y .NET Core Denial of Service Vulnerability". Este ID de CVE es diferente de CVE-2019-0980, CVE-2019-0981. • https://access.redhat.com/errata/RHSA-2019:1259 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0820 https://bugzilla.redhat.com/show_bug.cgi?id=1705506 • CWE-400: Uncontrolled Resource Consumption •