CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2019-9836
https://notcve.org/view.php?id=CVE-2019-9836
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. Secure Encrypted Virtualization (SEV) en Advanced Micro Devices (AMD) Platform Security Processor (PSP; también conocido como AMD Secure Processor o AMD-SP) 0.17 build 11 y versiones anteriores tiene una implementación criptográfica insegura. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00032.html http://packetstormsecurity.com/files/153436/AMD-Secure-Encrypted-Virtualization-SEV-Key-Recovery.html https://seclists.org/fulldisclosure/2019/Jun/46 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_us https://www.amd.com/en/corporate/product-security • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 50%CPEs: 19EXPL: 1CVE-2018-20843 – expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
https://notcve.org/view.php?id=CVE-2018-20843
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). En libexpat en Expat anterior a versión 2.2.7, una entrada XML incluyendo nombres XML que contienen una gran cantidad de "dos puntos", podría hacer que el analizador XML consuma una gran cantidad de recursos de RAM y CPU durante el procesamiento (lo suficiente como para ser utilizables en ataques de denegación de servicio) . It was discovered that the "setElementTypePrefix()" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226 https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes https://github.com/libexpat/libexpat/issues/186 https://github.com/libexpat/libexpat/pull/262 https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html https://lists.fedoraproject.org/archives/ • CWE-400: Uncontrolled Resource Consumption CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-10163
https://notcve.org/view.php?id=CVE-2019-10163
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. Se ha detectado una vulnerabilidad en Authoritative Server de PowerDNS anterior a versiones 4.1.9, 4.0.8, que permite a un servidor maestro autorizado y remoto causar una alta carga de CPU o incluso impedir actualizaciones adicionales a cualquier zona esclava mediante el envío de una gran cantidad de mensajes de NOTIFICACIÓN. Note que solo los servidores configurados como esclavos están afectados por este problema. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-10162
https://notcve.org/view.php?id=CVE-2019-10162
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify. Se ha detectado una vulnerabilidad en Authoritative Server de PowerDNS anterior a versiones 4.1.10, 4.0.8, permitiendo a un usuario autorizado causar que el servidor salga mediante la inserción de un registro diseñado en una zona tipo MASTER bajo su control. El problema es debido al hecho de que Authoritative Server se saldrá cuando se encuentre con un error de análisis mientras busca los registros NS/A/AAAA que está por usar para una notificación saliente. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.0EPSS: 71%CPEs: 7EXPL: 0CVE-2019-10164 – postgresql: Stack-based buffer overflow via setting a password
https://notcve.org/view.php?id=CVE-2019-10164
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account. Las versiones 10.x de PostgreSQL anteriores a 10.9 y 11.x anteriores a 11.4 son vulnerables a un desbordamiento de búfer basado en pilas. Cualquier usuario autenticado puede desbordar un búfer basado en pila cambiando la propia contraseña del usuario a un valor diseñado específicamente. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00035.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10164 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAGE6H4FWLKFLHLWVYNPYGQRPIXTUWGB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTKEHXGDXYYD6WYDIIQJP4GDQJSENDJK https://security.gentoo.org/glsa/202003-03 https://www.postgresql.org/about/news/1949 https://access.redhat.com/security/cve/CVE-2019- • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •