CVSS: 9.8EPSS: 2%CPEs: 41EXPL: 0CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization
https://notcve.org/view.php?id=CVE-2019-9636
08 Mar 2019 — Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed c... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html • CWE-172: Encoding Error •
CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 2CVE-2019-8936 – Ubuntu Security Notice USN-4563-2
https://notcve.org/view.php?id=CVE-2019-8936
08 Mar 2019 — NTP through 4.2.8p12 has a NULL Pointer Dereference. NTP hasta 4.2.8p12 tiene una desreferencia del puntero NULL. A crafted malicious authenticated mode 6 packet from a permitted network address can trigger a NULL pointer dereference. Note for this attack to work, the sending system must be on an address from which the target ntpd(8) accepts mode 6 packets, and must use a private key that is specifically listed as being used for mode 6 authorization. The ntpd daemon can crash due to the NULL pointer derefer... • https://github.com/snappyJack/CVE-2019-8936 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 6CVE-2019-9213 – Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem
https://notcve.org/view.php?id=CVE-2019-9213
05 Mar 2019 — In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. En el kernel de Linux, en versiones anteriores a la 4.20.14, expand_downwards en mm/mmap.c carece de una comprobación para la dirección mínima de mmap, lo que facilita que los atacantes exploten desreferencias de puntero NULL en el kernel en... • https://packetstorm.news/files/id/151991 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2019-9209 – Debian Security Advisory 4416-1
https://notcve.org/view.php?id=CVE-2019-9209
28 Feb 2019 — In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. En Wireshark, desde la versión 2.4.0 hasta la 2.4.12 y desde la 2.6.0 hasta la 2.6.6, el disector ASN.1 BER y relacionados podrían cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-ber.c, previniendo un desbordamiento de búfer asociado con dígitos excesivos en los... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html • CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 1%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 9.8EPSS: 8%CPEs: 6EXPL: 2CVE-2019-8375 – WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
https://notcve.org/view.php?id=CVE-2019-8375
24 Feb 2019 — The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany). El su... • https://www.exploit-db.com/exploits/46465 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 1CVE-2019-8905
https://notcve.org/view.php?id=CVE-2019-8905
18 Feb 2019 — do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. do_core_note en readelf.c en libmagic.a en la versión 5.35 de file tiene una sobrelectura de búfer basada en pila relacionada con file_printable. Esta vulnerabilidad es diferente de CVE-2018-10360. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 10EXPL: 1CVE-2019-8906 – Slackware Security Advisory - file Updates
https://notcve.org/view.php?id=CVE-2019-8906
18 Feb 2019 — do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. do_core_note en readelf.c en libmagic.a en la versión 5.35 de file tiene una lectura fuera de límites debido a una mala utilización de memcpy. New file packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00027.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 3CVE-2019-8341 – Jinja2 2.10 - 'from_string' Server Side Template Injection
https://notcve.org/view.php?id=CVE-2019-8341
15 Feb 2019 — An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing ** EN DISPUTA ** Se ha descubierto un problema en Jinja2 2.10. La función from_... • https://packetstorm.news/files/id/151705 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 43EXPL: 39CVE-2019-5736 – runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout
https://notcve.org/view.php?id=CVE-2019-5736
11 Feb 2019 — runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/sel... • https://packetstorm.news/files/id/165197 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-672: Operation on a Resource after Expiration or Release •