
CVE-2019-16378 – Debian Security Advisory 4526-1
https://notcve.org/view.php?id=CVE-2019-16378
17 Sep 2019 — OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. • http://www.openwall.com/lists/oss-security/2019/09/17/2 • CWE-290: Authentication Bypass by Spoofing •
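The failure mode behind this entry, as an added example that is not OpenDMARC's code: a DMARC identifier-alignment check that extracts one domain from a From: header carrying two addresses can be satisfied by the attacker's own DKIM-signed domain while the displayed address belongs to the victim. RFC 7489 section 6.6.1 says a message with more than one RFC5322.From domain cannot be evaluated and should fail (or be rejected). The header value, domains and `aligned()` helper below are constructed for the demo; organizational-domain lookup is assumed away.

```python
"""Added example (not OpenDMARC's code): naive vs. strict handling of a
From: header with several addresses during DMARC alignment."""
from email.utils import getaddresses


def from_domains(from_header):
    """Return the lowercased domain of every mailbox in a From: header value."""
    domains = []
    for _name, addr in getaddresses([from_header]):
        if "@" in addr:
            domains.append(addr.rsplit("@", 1)[1].lower())
    return domains


def aligned(rfc5322_domain, authenticated_domain):
    """Relaxed DMARC alignment: equal, or one is a subdomain of the other.
    Assumption for the demo: the organizational domain is the parent."""
    a, b = rfc5322_domain.lower(), authenticated_domain.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def dmarc_pass_naive(from_header, dkim_domains):
    """Vulnerable pattern: keep whichever From address the parser leaves you
    with (here the last) and align it against the DKIM-signed domains. The
    attacker's signed domain satisfies the check; the reader sees the other."""
    domains = from_domains(from_header)
    if not domains:
        return False
    chosen = domains[-1]
    return any(aligned(chosen, d) for d in dkim_domains)


def dmarc_pass_strict(from_header, dkim_domains):
    """RFC 7489 sec. 6.6.1: more than one distinct From domain means the
    message cannot be evaluated; treat it as a DMARC fail."""
    domains = set(from_domains(from_header))
    if len(domains) != 1:
        return False
    (domain,) = domains
    return any(aligned(domain, d) for d in dkim_domains)


# Constructed sample: attacker.example carries a valid DKIM signature for its
# own domain, but the From: header also names the spoofed victim domain.
FROM_HEADER = '"Payroll" <ceo@victim.example>, attacker@attacker.example'
DKIM_SIGNED = ["attacker.example"]
```

Running `dmarc_pass_naive(FROM_HEADER, DKIM_SIGNED)` returns True and `dmarc_pass_strict(FROM_HEADER, DKIM_SIGNED)` returns False; a single-address From: from `mail.victim.example` signed by `victim.example` still passes the strict check under relaxed alignment.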

CVE-2019-12922 – phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-12922
13 Sep 2019 — A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page. • https://packetstorm.news/files/id/154483 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2019-16235 – Debian Security Advisory 4524-1
https://notcve.org/view.php?id=CVE-2019-16235
11 Sep 2019 — Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. It was discovered that Dino incorrectly validated inputs. An attacker could use this issue to possibly obtain, inject or remove sensitive information. This update also includes a fix to the encryption implementation in Dino to support 12 byte IVs, in add... • http://www.openwall.com/lists/oss-security/2019/09/12/5 • CWE-346: Origin Validation Error •

CVE-2019-16236 – Debian Security Advisory 4524-1
https://notcve.org/view.php?id=CVE-2019-16236
11 Sep 2019 — Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. Multiple vulnerabilities have been discovered in the Dino XMPP client, which could allow message spoofing, manipulation of a user's roster (contact list) and unauthorised sending of message carbons. • http://www.openwall.com/lists/oss-security/2019/09/12/5 • CWE-862: Missing Authorization •

CVE-2019-16237 – Debian Security Advisory 4524-1
https://notcve.org/view.php?id=CVE-2019-16237
11 Sep 2019 — Dino before 2019-09-10 does not properly check the source of a MAM message in module/xep/0313_message_archive_management.vala. Multiple vulnerabilities have been discovered in the Dino XMPP client, which could allow message spoofing, manipulation of a user's roster (contact list) and unauthorised sending of message carbons. • http://www.openwall.com/lists/oss-security/2019/09/12/5 • CWE-346: Origin Validation Error •
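The three Dino entries above (CVE-2019-16235, -16236, -16237) are the same class of bug applied to three stanza types: the client acted on a carbons copy, a roster push and a MAM result without checking who sent them. The following is an added example and not Dino's code. It applies the origin rules the specifications themselves state: XEP-0280 section 11 (carbons must come from the user's own bare JID), RFC 6121 section 2.1.6 (a roster push has no `from` or `from` equal to the user's bare JID) and XEP-0313 (a result must come from the archive that was queried). The account JID and the stanzas are constructed for the demo; the namespace URIs are the real ones.

```python
"""Added example (not Dino's code): origin checks for carbons, roster pushes
and MAM results before an XMPP client trusts them."""
import xml.etree.ElementTree as ET

NS_CARBONS = "urn:xmpp:carbons:2"  # XEP-0280
NS_ROSTER = "jabber:iq:roster"     # RFC 6121
NS_MAM = "urn:xmpp:mam:2"          # XEP-0313

OWN_JID = "alice@example.com/phone"  # constructed: the logged-in account


def bare(jid):
    """Strip the resource: alice@example.com/phone -> alice@example.com."""
    return jid.split("/", 1)[0]


def carbon_origin_ok(message_xml, own_jid):
    """XEP-0280 sec. 11: a <received/> or <sent/> carbon is only trustworthy
    when the outer <message/> comes from the user's own bare JID. A carbon
    from anyone else is a forged copy of a conversation that never happened."""
    msg = ET.fromstring(message_xml)
    carbon_tags = {f"{{{NS_CARBONS}}}received", f"{{{NS_CARBONS}}}sent"}
    if not any(child.tag in carbon_tags for child in msg):
        return True  # not a carbon; this check does not apply
    return msg.get("from") == bare(own_jid)


def roster_push_origin_ok(iq_xml, own_jid):
    """RFC 6121 sec. 2.1.6: a roster push is an <iq type='set'/> with no
    'from' (implicitly the user's own account) or a 'from' equal to the user's
    bare JID. Anything else is ignored, or any contact could rewrite the roster."""
    iq = ET.fromstring(iq_xml)
    if iq.get("type") != "set" or iq.find(f"{{{NS_ROSTER}}}query") is None:
        return True  # not a roster push
    sender = iq.get("from")
    return sender is None or sender == bare(own_jid)


def mam_result_origin_ok(message_xml, own_jid, queried_archive=None):
    """XEP-0313: a <result/> must come from the archive that was queried. For
    the user's own archive that is the bare JID (or no 'from'); for a room it
    is the room JID. Otherwise a third party can inject fabricated history."""
    msg = ET.fromstring(message_xml)
    if msg.find(f"{{{NS_MAM}}}result") is None:
        return True  # not a MAM result
    archive = queried_archive or bare(own_jid)
    sender = msg.get("from")
    return sender is None or sender == archive


# Constructed stanzas: mallory@evil.example tries to plant a message from bob,
# push herself into alice's roster, and inject a fake archive entry.
FORGED_CARBON = (
    '<message xmlns="jabber:client" from="mallory@evil.example" to="alice@example.com/phone">'
    '<received xmlns="urn:xmpp:carbons:2"><forwarded xmlns="urn:xmpp:forward:0">'
    '<message xmlns="jabber:client" from="bob@example.com/pc" to="alice@example.com">'
    '<body>Send the money to account 42</body></message></forwarded></received></message>'
)
GENUINE_CARBON = FORGED_CARBON.replace('from="mallory@evil.example"', 'from="alice@example.com"')

FORGED_ROSTER_PUSH = (
    '<iq xmlns="jabber:client" type="set" id="r1" from="mallory@evil.example">'
    '<query xmlns="jabber:iq:roster"><item jid="mallory@evil.example" subscription="both"/>'
    '</query></iq>'
)
GENUINE_ROSTER_PUSH = FORGED_ROSTER_PUSH.replace(' from="mallory@evil.example"', '')

FORGED_MAM = (
    '<message xmlns="jabber:client" from="mallory@evil.example" to="alice@example.com/phone">'
    '<result xmlns="urn:xmpp:mam:2" queryid="q1" id="28482-98726-73623">'
    '<forwarded xmlns="urn:xmpp:forward:0">'
    '<message xmlns="jabber:client" from="bob@example.com/pc" to="alice@example.com">'
    '<body>I agreed to the transfer yesterday</body></message></forwarded></result></message>'
)
GENUINE_MAM = FORGED_MAM.replace('from="mallory@evil.example"', 'from="alice@example.com"')
```

Each check returns True for stanzas it does not govern, so the three can be chained in front of the existing message, roster and archive handlers; a stanza that fails its check is dropped rather than rendered, added or stored.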

CVE-2019-5481 – curl: double free due to subsequent call of realloc()
https://notcve.org/view.php?id=CVE-2019-5481
11 Sep 2019 — Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Thomas Vegas discovered that curl incorrectly handled memory when using Kerberos over FTP. A remote attacker could use this issue to crash curl, resulting in a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html • CWE-415: Double Free CWE-416: Use After Free •

CVE-2019-5482 – curl: heap buffer overflow in function tftp_receive_packet()
https://notcve.org/view.php?id=CVE-2019-5482
11 Sep 2019 — Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2019-16163 – oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
https://notcve.org/view.php?id=CVE-2019-16163
09 Sep 2019 — Oniguruma before 6.9.3 allows stack exhaustion in regcomp.c because of recursion in regparse.c. The issue is also tracked in PHP security advisories, since PHP's mbstring extension bundles Oniguruma. • https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180 • CWE-121: Stack-based Buffer Overflow CWE-674: Uncontrolled Recursion •

CVE-2019-16159 – Debian Security Advisory 4528-1
https://notcve.org/view.php?id=CVE-2019-16159
09 Sep 2019 — BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. • http://bird.network.cz • CWE-787: Out-of-bounds Write •
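RFC 8203 puts a Shutdown Communication in the data field of a BGP NOTIFICATION as one length octet followed by at most 128 octets of UTF-8 text. The advisory says BIRD's validity check contained an incorrect logical expression; the added example below is not BIRD's code and does not reproduce its exact expression. It shows the shape of such a defect (a conjunction with a sub-expression that can never be true, so the check never rejects anything) beside a correct check, and measures how far an accepted message would run past a buffer sized for the RFC maximum. BIRD is written in C; the condition is shown in Python because the flaw is in the expression, not the language, and the inputs are constructed.

```python
"""Added example (not BIRD's code): validating an RFC 8203 Shutdown
Communication, buggy condition beside the corrected one."""

SHUTCOMM_MAX = 128  # RFC 8203: UTF-8 text of at most 128 octets


def shutcomm_check_buggy(data):
    """data: NOTIFICATION data field, one length octet then the text.
    msg_len is a single octet, so 'msg_len > 255' is never true and the
    conjunction never fires: an over-long declared length passes, and so
    does one that runs past the bytes actually received. In C the caller
    then copies msg_len bytes into a buffer sized for SHUTCOMM_MAX."""
    if not data:
        return None
    msg_len = data[0]
    if msg_len > 255 and msg_len + 1 > len(data):  # constructed wrong check
        return None
    return data[1:1 + msg_len]


def shutcomm_check_fixed(data):
    """Reject if the declared length exceeds the RFC maximum OR runs past
    the bytes present; also require the text to be valid UTF-8."""
    if not data:
        return None
    msg_len = data[0]
    if msg_len > SHUTCOMM_MAX or msg_len + 1 > len(data):
        return None
    text = data[1:1 + msg_len]
    try:
        text.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return text


def overflow_bytes(text, capacity=SHUTCOMM_MAX):
    """Bytes a copy into a buffer of 'capacity' would write past its end."""
    return 0 if text is None else max(0, len(text) - capacity)


# Constructed inputs: a legitimate message, one that declares 200 octets,
# and one whose declared length exceeds the octets actually received.
VALID = bytes([13]) + b"maintenance 1"
OVERSIZED = bytes([200]) + b"A" * 200
TRUNCATED = bytes([50]) + b"B" * 10
```

The fixed check rejects both hostile inputs; the buggy one returns 200 bytes for `OVERSIZED` (72 past a 128-byte buffer) and silently returns a short slice for `TRUNCATED`, where C would read past the end of the received packet instead.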

CVE-2019-9854 – Unsafe URL assembly flaw in allowed script location check
https://notcve.org/view.php?id=CVE-2019-9854
06 Sep 2019 — LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python and user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the ... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control •
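An allowed-location check that compares the script reference as a URL string is the pattern this entry describes as defeated by URL encoding: `%2e%2e/` does not look like `../` to a prefix comparison but becomes one once decoded. The added example below is not LibreOffice's code; it shows that naive check beside one that decodes once, refuses a second encoding layer, resolves the path and then tests containment. The `file:` URLs and directories are constructed stand-ins for the `share/Scripts/python` and `user/Scripts/python` locations named above.

```python
"""Added example (not LibreOffice's code): allowed-directory check on a
script location, string-prefix version beside the path-based version."""
import os
from urllib.parse import urlsplit, unquote


def script_allowed_naive(script_url, allowed_dirs):
    """Prefix match on the raw URL path. Percent-encoded dot segments are not
    '../' to a string comparison, so the traversal survives the check."""
    path = urlsplit(script_url).path
    return any(path.startswith(d.rstrip("/") + "/") for d in allowed_dirs)


def script_allowed_strict(script_url, allowed_dirs):
    """Decode exactly once, reject anything still percent-encoded, resolve
    '..' and symlinks with realpath, then require the result to sit strictly
    inside one of the allowed directories."""
    parts = urlsplit(script_url)
    if parts.scheme not in ("", "file") or parts.netloc not in ("", "localhost"):
        return False
    path = unquote(parts.path)
    if "%" in path:  # a second encoding layer is never a legitimate script path
        return False
    real = os.path.realpath(path)
    for d in allowed_dirs:
        base = os.path.realpath(d)
        if real != base and os.path.commonpath([real, base]) == base:
            return True
    return False


# Constructed: the two permitted script roots and three document references.
ALLOWED = [
    "/opt/libreoffice/share/Scripts/python",
    "/home/alice/.config/libreoffice/4/user/Scripts/python",
]
GOOD = "file:///opt/libreoffice/share/Scripts/python/HelloWorld.py"
TRAVERSAL = ("file:///opt/libreoffice/share/Scripts/python/"
             "%2e%2e/%2e%2e/%2e%2e/%2e%2e/tmp/evil.py")
DOUBLE_ENCODED = ("file:///opt/libreoffice/share/Scripts/python/"
                  "%252e%252e/%252e%252e/tmp/evil.py")
```

The naive check accepts `TRAVERSAL` because the encoded segments keep the allowed prefix intact; the strict check decodes it to a path that resolves outside both roots and rejects it, and rejects `DOUBLE_ENCODED` without trying to guess how many times to decode.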