CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 1CVE-2019-11328
https://notcve.org/view.php?id=CVE-2019-11328
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host. Se encontró un problema en Singularity versión 3.1.0 hasta la 3.2.0-rc2, un usuario malicioso con acceso local de red hacia el sistema host (por ejemplo, ssh) podría atacar esta vulnerabilidad debido a permisos no seguros que permiten a un usuario editar archivos dentro de `/run/singularity/instances/sing//`. La manipulación de esos archivos puede cambiar el comportamiento del programa starter-suid cuando las peticiones se unen, lo que conlleva a una posible escalada de privilegios en el host. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html http://www.openwall.com/lists/oss-security/2019/05/16/1 http://www.securityfocus.com/bid/108360 https://github.com/sylabs/singularity/releases/tag/v3.2.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject& • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 1CVE-2019-12083
https://notcve.org/view.php?id=CVE-2019-12083
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected. Rust Programming Language Standard Library, versiones 1.34.x anteriores a 1.34.2, contiene un método estabilizado que, si se anula, puede ignorar las garantías de seguridad de Rust y causar inseguridades en la memoria. Si el método `Error::type_id` es anulado, entonces cualquier tipo puede ser lanzado con seguridad a cualquier otro tipo, causando vulnerabilidades de seguridad de memoria en código seguro (por ejemplo, escritura o lectura fuera de límites). • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00076.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00031.html https://blog.rust-lang.org/2019/05/13/Security-advisory.html https://groups.google.com/forum/#%21topic/rustlang-security-announcements/aZabeCMUv70 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HG47HYH3AQTUMBUMX3S3G5DNAY4CBW6N https://lists.fedorapr • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2019-11884 – kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
https://notcve.org/view.php?id=CVE-2019-11884
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. La función do_hidp_sock_ioctl en net/bluetooth/hidp/sock.c en el kernel de Linux, versiones anteriores a 5.0.15, permite a un usuario local obtener información potencialmente sensible de la memoria de la pila del kernel a través de un comando HIDPCONNNADD, ya que un campo de nombre puede no terminar con un carácter ` \0'. A flaw was found in the Linux kernel's implementation of the Bluetooth Human Interface Device Protocol (HIDP). A local attacker with access permissions to the Bluetooth device can issue an IOCTL which will trigger the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c.c. This function can leak potentially sensitive information from the kernel stack memory via a HIDPCONNADD command because a name field may not be correctly NULL terminated. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://www.securityfocus.com/bid/108299 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2020:0740 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.15 https://g • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2019-11831
https://notcve.org/view.php?id=CVE-2019-11831
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. El paquete PharStreamWrapper (también conocido como phar-stream-wrapper), versiones 2.x anteriores a 2.1.1 y 3.x anteriores a 3.1.1 para TYPO3, no impide el salto de directorio, lo que permite a los atacantes eludir un mecanismo de protección de deserialización, como lo demuestra una URL phar:///path/bad.phar/../good.phar. • http://www.securityfocus.com/bid/108302 https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1 https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1 https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH https://lists.fedoraproject. • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-5814 – chromium-browser: CORS bypass in Blink
https://notcve.org/view.php?id=CVE-2019-5814
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page. La aplicación insuficiente de políticas en Blink en Google Chrome antes de 74.0.3729.108 permitió a un atacante remoto filtrar datos de cross-origin a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/930057 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 htt • CWE-352: Cross-Site Request Forgery (CSRF) •