CVSS: 7.5EPSS: 13%CPEs: 96EXPL: 0CVE-2019-11479 – kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service
https://notcve.org/view.php?id=CVE-2019-11479
17 Jun 2019 — Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. Jonathan Looney descubrió que el tamaño máximo d... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt • CWE-400: Uncontrolled Resource Consumption CWE-405: Asymmetric Resource Consumption (Amplification) CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 45EXPL: 0CVE-2019-10126 – kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
https://notcve.org/view.php?id=CVE-2019-10126
14 Jun 2019 — A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. Se encontró un defecto en el kernel de Linux. Un desbordamiento de búfer en la región heap de la memoria en la función mwifiex_uap_parse_tail_ies en el archivo drivers/net/wireless/marvell/mwifiex/ie.c, podría provocar corrupción de la memoria y posiblemente otras consecuencias. A flaw was found... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-3888 – undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
https://notcve.org/view.php?id=CVE-2019-3888
10 Jun 2019 — A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) Se encontró una vulnerabilidad en servidor web de Undertow versión anterior a 2.0.21. Una exposición de información de las credenciales de texto plano por medio de los archivos de registro porque Connectors.executeRoo... • http://www.securityfocus.com/bid/108739 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 1%CPEs: 28EXPL: 0CVE-2019-10160 – python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc
https://notcve.org/view.php?id=CVE-2019-10160
07 Jun 2019 — A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application loca... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html • CWE-172: Encoding Error CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 218EXPL: 7CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propi... • https://github.com/isacaya/CVE-2019-11358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 1CVE-2019-3460 – kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
https://notcve.org/view.php?id=CVE-2019-3460
03 Apr 2019 — A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. Se ha descubierto una fuga de información en múltiples ubicaciones en memoria dinámica, incluyendo L2CAP_GET_CONF_OPT en el kernel de Linux anterior a 5.1-rc1. A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical acc... • http://www.openwall.com/lists/oss-security/2019/06/27/2 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 41EXPL: 0CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization
https://notcve.org/view.php?id=CVE-2019-9636
08 Mar 2019 — Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed c... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html • CWE-172: Encoding Error •
CVSS: 5.9EPSS: 5%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 1CVE-2018-16890 – curl: NTLM type-2 heap out-of-bounds buffer read
https://notcve.org/view.php?id=CVE-2018-16890
06 Feb 2019 — libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. Libcurl, desde la versión 7.36.0 hasta antes de la 7.64... • https://github.com/michelleamesquita/CVE-2018-16890 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 33%CPEs: 23EXPL: 1CVE-2019-3822 – curl: NTLMv2 type-3 header stack buffer overflow
https://notcve.org/view.php?id=CVE-2019-3822
06 Feb 2019 — libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the loca... • http://www.securityfocus.com/bid/106950 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •