CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2019-5094 – e2fsprogs: Crafted ext4 partition leads to out-of-bounds write
https://notcve.org/view.php?id=CVE-2019-5094
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad quota file de E2fsprogs versión 1.45.3. Una partición ext4 especialmente diseñada puede causar una escritura fuera de límites en la pila, resultando en la ejecución de código. • https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY https://seclists.org/bugtraq/2019/Sep/58 https://security.gentoo.org/glsa/202003-05 https://security.netapp.com/advisory/ntap-20200115-0002 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887 htt • CWE-787: Out-of-bounds Write •
CVSS: 3.8EPSS: 0%CPEs: 15EXPL: 0CVE-2019-12068
https://notcve.org/view.php?id=CVE-2019-12068
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. En QEMU versiones 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, y 1:2.1+dfsg-12+deb8u12 (corregida), cuando se ejecuta el script en la función lsi_execute_script(), el emulador del adaptador scsi de LSI avanza el índice "s-)dsp" para leer el próximo opcode. Esto puede conllevar a un bucle infinito si el siguiente opcode está vacío. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08 https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html https://security-tracker.debian.org/tracker/CVE-2019-12068 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 1CVE-2019-16746 – kernel: buffer-overflow hardening in WiFi beacon validation code.
https://notcve.org/view.php?id=CVE-2019-16746
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. Se detectó un problema en el archivo net/wireless/nl80211.c en el kernel de Linux versiones hasta 5.2.17. No comprueba la longitud de los elementos variables en un beacon head, lo que provoca un desbordamiento del búfer. A flaw in the Linux kernel's WiFi beacon validation code was discovered. • https://github.com/uthrasri/CVE-2019-16746 http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorap • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-16729
https://notcve.org/view.php?id=CVE-2019-16729
pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. pam-python versiones anteriores a 1.0.7-1, presenta un problema con respecto al manejo predeterminado de la variable de entorno de Python, lo que podría permitir la escalada de root local en ciertas configuraciones de PAM. • https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1 https://lists.debian.org/debian-lts-announce/2019/11/msg00020.html https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe https://tracker.debian.org/news/1066790/accepted-pam-python-107-1-source-amd64-all-into-unstable https://usn.ubuntu.com/4552-1 https://usn.ubuntu.com/4552-2 https://www.debian.org/security/2019/dsa-4555 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-16708 – ImageMagick: memory leak in magick/xwindow.c
https://notcve.org/view.php?id=CVE-2019-16708
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. ImageMagick versión 7.0.8-35, presenta una pérdida de memoria en el archivo magick/xwindow.c, relacionada con la función XCreateImage. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html https://github.com/ImageMagick/ImageMagick/issues/1531 https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-16708 https://bugzilla.redhat.com/show_bug.cgi?id=1801665 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •