CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-18179
https://notcve.org/view.php?id=CVE-2019-18179
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions. Se descubrió un problema en Open Ticket Request System (OTRS) versiones 7.0.x hasta la versión 7.0.12, y Community Edition versiones 5.0.x hasta 5.0.38 y 6.0.x hasta 6.0.23. Un atacante que ha iniciado sesión en OTRS como un agente es capaz de enumerar los tickets asignados a otros agentes, inclusive los tickets en una cola donde el atacante no tiene permisos. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2019-19917
https://notcve.org/view.php?id=CVE-2019-19917
Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. Lout versión 3.40, presenta un desbordamiento de búfer en la función StringQuotedWord() en el archivo z39.c. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OXECUBSXEO7S3TCLSBCITLQIMOCL6MV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEJVEIQMRXJ26ZT • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2019-19918
https://notcve.org/view.php?id=CVE-2019-19918
Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. Lout versión 3.40, presenta un desbordamiento de búfer en la región heap de la memoria en la función srcnext() en el archivo z02.c. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OXECUBSXEO7S3TCLSBCITLQIMOCL6MV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEJVEIQMRXJ26ZT • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2019-19462
https://notcve.org/view.php?id=CVE-2019-19462
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. La función relay_open en el archivo kernel/relay.c en el kernel de Linux versiones hasta 5.4.1, permite a usuarios locales causar una denegación de servicio (tal y como un bloqueo de retransmisión) al desencadenar un resultado NULL de alloc_percpu. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lore.kernel.org/lkml/20191129013745.7168-1-dja%40axtens.net https://security.netapp.com/advisory/ntap-20210129-0004 https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8 https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531 https://syzkaller&# • CWE-476: NULL Pointer Dereference •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 1CVE-2019-18934 – unbound: command injection with data coming from a specially crafted IPSECKEY answer
https://notcve.org/view.php?id=CVE-2019-18934
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration. Unbound versiones 1.6.4 hasta 1.9.4, contiene una vulnerabilidad en el módulo ipsec que puede causar una ejecución de código de shell después de recibir una respuesta especialmente diseñada. Este problema solo puede ser activado si unbound fue compilado con el soporte "--enable-ipsecmod", e ipsecmod está habilitado y usado en la configuración. A shell command injection vulnerability was discovered in the way unbound handles DNS queries for systems with a public key used for IPsec. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html http://www.openwall.com/lists/oss-security/2019/11/19/1 https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt https://www.nlnetlabs.nl/news/2019/No • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •