CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3974
https://notcve.org/view.php?id=CVE-2019-3974
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition. Se detectó que Nessus versión 8.5.2 y anteriores, en las plataformas de Windows contenían un problema en el que determinados archivos de sistema podían sobrescribirse arbitrariamente, creando potencialmente una condición de denegación de servicio. • https://www.tenable.com/security/tns-2019-05 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3962
https://notcve.org/view.php?id=CVE-2019-3962
Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration. Una vulnerabilidad de inyección de contenidos en Tenable Nessus en versiones anteriores a la 8.5.0 puede permitir que un atacante local autenticado explote esta vulnerabilidad al convencer a otro usuario de Nessus para que vea una URL maliciosa y use Nessus para enviar mensajes fraudulentos. Una explotación con éxito podría permitir al adversario autenticado inyectar texto arbitrario en el estado del feed, que permanecerá guardado después de la expiración de la sesión. • http://www.securityfocus.com/bid/109025 https://www.tenable.com/security/tns-2019-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3961
https://notcve.org/view.php?id=CVE-2019-3961
Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a users browser session. Se encontró que las versiones 8.4.0 y anteriores de Nessus contenían una vulnerabilidad XSS reflejada debido a la validación incorrecta de la entrada proporcionada por el usuario. Un atacante remoto no autenticado podría potencialmente explotar esta vulnerabilidad a través de una solicitud especialmente diseñada para ejecutar código de script arbitrario en una sesión de explorador de usuarios. • http://www.securityfocus.com/bid/108892 https://www.tenable.com/security/tns-2019-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 58%CPEs: 19EXPL: 1CVE-2018-20843 – expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
https://notcve.org/view.php?id=CVE-2018-20843
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). En libexpat en Expat anterior a versión 2.2.7, una entrada XML incluyendo nombres XML que contienen una gran cantidad de "dos puntos", podría hacer que el analizador XML consuma una gran cantidad de recursos de RAM y CPU durante el procesamiento (lo suficiente como para ser utilizables en ataques de denegación de servicio) . It was discovered that the "setElementTypePrefix()" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226 https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes https://github.com/libexpat/libexpat/issues/186 https://github.com/libexpat/libexpat/pull/262 https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html https://lists.fedoraproject.org/archives/ • CWE-400: Uncontrolled Resource Consumption CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.9EPSS: 1%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html http://www.securityfocus.com/bid/107174 https://access. • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •