CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-6778 – QEMU: slirp: heap buffer overflow in tcp_emu()
https://notcve.org/view.php?id=CVE-2019-6778
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. En QEMU 3.0.0, tcp_emu en slirp/tcp_subr.c tiene un desbordamiento de búfer basado en memoria dinámica (heap). A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating the Identification protocol and copying message data to a socket buffer. A user or process could use this flaw to crash the QEMU process on the host resulting in a DoS or potentially executing arbitrary code with privileges of the QEMU process. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html http://www.openwall.com/lists/oss-security/2019/01/24/5 http://www.securityfocus.com/bid/106758 https://access.redhat.com& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-6501 – QEMU: scsi-generic: possible OOB access while handling inquiry request
https://notcve.org/view.php?id=CVE-2019-6501
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. En QEMU 3.1, scsi_handle_inquiry_reply en hw/scsi/scsi-generic.c permite operaciones de lectura y escritura fuera de límites. • http://www.openwall.com/lists/oss-security/2019/01/24/1 https://access.redhat.com/errata/RHSA-2019:2166 https://access.redhat.com/errata/RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2553 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7 https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html https://security.netapp.com/advisory/ntap-20190411-0006 https://access.redhat.com/security/cve/CVE& • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-9844
https://notcve.org/view.php?id=CVE-2019-9844
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI. simple-markdown.js en Khan Academy simple-markdown versiones anteriores a 0.4.4 permite XSS vía data: o vbscript: URI. • https://github.com/ossf-cve-benchmark/CVE-2019-9844 https://github.com/Khan/simple-markdown/pull/63 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFLP3KJVSV5VWMNEBRXLGRVYFXOV5KOG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZG2I7VH7WLSEUQ77KYP5CRAVFT2RK2U https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5EFW655O3BXZYAPB65XEREXB2DSNSOT https://www.npmjs.com/package/simple-markdown/v/0.4.4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 1CVE-2018-19872 – qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp
https://notcve.org/view.php?id=CVE-2018-19872
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. Se ha descubierto un problema en Qt 5.11. Una imagen PPM mal formada provoca una división entre cero y un cierre inesperado en qppmhandler.cpp. • http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html https://bugreports.qt.io/browse/QTBUG-69449 https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG https://lists.fedoraproject.org/archives/list& • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3833 – openwsman: Infinite loop in process_connection() allows denial of service
https://notcve.org/view.php?id=CVE-2019-3833
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server. Openwsman, en versiones hasta e incluyendo la 2.6.9, es vulnerable a un bucle infinito en process_connection() al analizar peticiones HTTP especialmente manipuladas. Un atacante remoto no autenticado podría explotar esta vulnerabilidad enviando una petición HTTP especialmente manipulada para provocar una denegación de servicio (DoS) en el servidor openwsman. • http://bugzilla.suse.com/show_bug.cgi?id=1122623 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html http://www.securityfocus.com/bid/107367 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3833 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •