Page 86 of 732 results (0.013 seconds)

CVSS: 9.8EPSS: 52%CPEs: 5EXPL: 1

CVE-2019-11500 – dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes

https://notcve.org/view.php?id=CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution. En Dovecot versiones anteriores a 2.2.36.4 y versiones 2.3.x anteriores a 2.3.7.2 (y Pigeonhole versiones anteriores a 0.5.7.2), el procesamiento del protocolo puede fallar para cadenas entre comillas. Esto ocurre porque los caracteres '\0' se manejan inapropiadamente y pueden generar escrituras fuera de límites y ejecución de código remota. A flaw was found in dovecot. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html http://www.openwall.com/lists/oss-security/2019/08/28/3 https://access.redhat.com/errata/RHSA-2019:2822 https://access.redhat.com/errata/RHSA-2019:2836 https://access.redhat.com/errata/RHSA-2019:2885 https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •

CVSS: 6.1EPSS: 8%CPEs: 26EXPL: 3

CVE-2019-10092 – Apache Httpd mod_proxy - Error Page Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. En Apache HTTP Server versiones 2.4.0 hasta 2.4.39, se reportó un problema de cross-site scripting limitado que afecta la página de error de mod_proxy. Un atacante podría causar que el enlace sobre la página de error sea malformado y, en su lugar, apunte a una página de su elección. • https://www.exploit-db.com/exploits/47688 https://github.com/mbadanoiu/CVE-2019-10092 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html http://www.openwall.com/lists/oss-security/2019/08/15/4 http://www.openwall.com/lists/oss-security/2020/08/08/1 http://www.openwall.com/lists/oss-security/2020/08/08/9 https://access.redhat.com/errata/RHSA-2019:4126 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 2%CPEs: 42EXPL: 0

CVE-2019-15538 – kernel: denial of service in in xfs_setattr_nonsize in fs/xfs/xfs_iops.c

https://notcve.org/view.php?id=CVE-2019-15538

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. Se descubrió un problema en xfs_setattr_nonsize en fs / xfs / xfs_iops.c en el kernel de Linux a través de 5.2.9. XFS se bloquea parcialmente cuando falla un chgrp debido a que no se encuentra en la cuota de disco. xfs_setattr_nonsize no puede desbloquear el ILOCK después de que la llamada xfs_qm_vop_chown_reserve falla. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fb254aa983bf190cfd685d40c64a480a9bafaee https://github.com/torvalds/linux/commit/1fb254aa983bf190cfd685d40c64a480a9bafaee https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html https://lists.fedoraproject.org/archives& • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 2

CVE-2019-10746 – nodejs-mixin-deep: prototype pollution in function mixin-deep

https://notcve.org/view.php?id=CVE-2019-10746

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. mixin-deep es vulnerable a Prototype Pollution en versiones anteriores a 1.3.2 y 2.0.0. La función mixin-deep podría ser engañada para agregar o modificar propiedades de Object.prototype usando una carga útil del constructor. A flaw was found in Nodejs's mixin-deep prior to versions 1.3.2 and 2.0.0. The mixin-deep function could be used to add or modify properties of the Object.prototype. • https://github.com/ossf-cve-benchmark/CVE-2019-10746 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFNIVG2XYFPZJY3DYYBJASZ7ZMKBMIJT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXRA365KZCUNXMU3KDH5JN5BEPNIGUKC https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212 https://www.oracle.com//security-alerts/cpujul2021.html https://access.redhat.com/security/cve/CVE-2019-10746 https://bugzilla.redhat.com/show_bug.cgi?id=1795475 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-471: Modification of Assumed-Immutable Data (MAID) •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2019-15531

https://notcve.org/view.php?id=CVE-2019-15531

GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c. GNU Libextractor hasta la versión 1.9 tiene una sobre-lectura de búfer basada en el montón en la función EXTRACTOR_dvi_extract_method en plugins / dvi_extractor.c. • https://bugs.gnunet.org/view.php?id=5846 https://lists.debian.org/debian-lts-announce/2019/08/msg00038.html https://lists.debian.org/debian-lts-announce/2021/12/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DV5YBIS2UUNUUKQOEKDWUKEEWJIKWFMZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRQUHTSNOCKGRKPRXPUJ6FGTVZ2K5POL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MUJWNWDGGXQL • CWE-125: Out-of-bounds Read •