CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-10216 – ghostscript: -dSAFER escape via .buildfont1 (701394)
https://notcve.org/view.php?id=CVE-2019-10216
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas. En ghostscript anterior a la versión 9.50, el procedimiento .buildfont1 no aseguraba adecuadamente sus llamadas privilegiadas, permitiendo que los scripts eludieran las restricciones `-dSAFER`. Un atacante podría abusar de esta fallo al crear un archivo PostScript especialmente diseñado que podría escalar privilegios y acceder a archivos fuera de las áreas restringidas. It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216 https://security.gentoo.org/glsa/202004-03 https://access.redhat.com/security/cve/CVE-2019-10216 https://bugzilla.redhat.com/show_bug.cgi?id=1737080 • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 5.9EPSS: 0%CPEs: 26EXPL: 1CVE-2019-1125 – Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1125
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM. • https://www.exploit-db.com/exploits/48071 http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHBA-2019:3248 https://access.redhat.com/errata/RHSA-2019:2600 https://access.redhat.com/errata/RHSA-2019:2609 https://access.redhat.com/errata/RHSA-2019:2695 https://access.redhat.com/errata/RHS • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 2%CPEs: 28EXPL: 1CVE-2019-1010238 – pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. Pango versión 1.42 y posterior de Gnome, está afectada por: Desbordamiento de Búfer. • https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHSA-2019:2571 https://access.redhat.com/errata/RHSA-2019:2582 https://access.redhat.com/errata/RHSA-2019:2594 https://access.redhat.com/errata/RHSA-2019:3234 https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c https://gitlab.gnome.org/GNOME/pango/-/issues/342 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDD • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 23EXPL: 1CVE-2019-13616 – SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c
https://notcve.org/view.php?id=CVE-2019-13616
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. hasta 2.0.9, presenta una lectura excesiva del búfer en la región heap de la memoria en BlitNtoN en el archivo video/SDL_blit_N.c cuando es llamado desde SDL_SoftBlit en el archivo video/SDL_blit.c. A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html https://access.redhat.com/errata/RHSA-2019:3950 https:/ • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 45EXPL: 0CVE-2019-10126 – kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
https://notcve.org/view.php?id=CVE-2019-10126
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. Se encontró un defecto en el kernel de Linux. Un desbordamiento de búfer en la región heap de la memoria en la función mwifiex_uap_parse_tail_ies en el archivo drivers/net/wireless/marvell/mwifiex/ie.c, podría provocar corrupción de la memoria y posiblemente otras consecuencias. A flaw was found in the mwifiex implementation in the Linux kernel. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://www.securityfocus.com/bid/108817 https://access.redhat.com/errat • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •