CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2019-2602 – OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)
https://notcve.org/view.php?id=CVE-2019-2602
17 Apr 2019 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.1EPSS: 8%CPEs: 32EXPL: 2CVE-2019-2698 – Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID
https://notcve.org/view.php?id=CVE-2019-2698
17 Apr 2019 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE ... • https://packetstorm.news/files/id/152554 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 1%CPEs: 73EXPL: 0CVE-2019-2684 – OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
https://notcve.org/view.php?id=CVE-2019-2684
17 Apr 2019 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded a... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html •
CVSS: 8.8EPSS: 86%CPEs: 68EXPL: 6CVE-2019-0211 – Apache HTTP Server Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-0211
03 Apr 2019 — In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. En Apache HTTP Server 2.4, versiones 2.4.17 a 2.4.38, con el evento MPM, worker o prefork, el código ejecutándose en procesos hijo (o hilos) m... • https://packetstorm.news/files/id/152441 • CWE-250: Execution with Unnecessary Privileges CWE-416: Use After Free •
CVSS: 9.1EPSS: 0%CPEs: 29EXPL: 1CVE-2019-9948 – python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
https://notcve.org/view.php?id=CVE-2019-9948
23 Mar 2019 — urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. urllib en Python, en versiones 2.x hasta la 2.7.16, soporta el esquema local_file:, lo que facilita que los atacantes remotos omitan los mecanismos de protección que ponen en lista negra los URI file:, tal y como queda demostrado con una llamada urllib.urlopen... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-749: Exposed Dangerous Method or Function •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 2CVE-2019-9903 – poppler: stack consumption in function Dict::find() in Dict.cc
https://notcve.org/view.php?id=CVE-2019-9903
21 Mar 2019 — PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. PDFDoc::markObject en PDFDoc.cc en Poppler 0.74.0 gestiona de manera incorrecta el marcado de diccionarios, que conduce al consumo de pila en la función Dict::find() en Dict.cc, que puede (por ejemplo) desencadenarse pasando un archivo pdf manipulado al binario pdfuni... • http://www.securityfocus.com/bid/107560 • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 3%CPEs: 41EXPL: 0CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization
https://notcve.org/view.php?id=CVE-2019-9636
08 Mar 2019 — Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed c... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html • CWE-172: Encoding Error •
CVSS: 7.5EPSS: 3%CPEs: 18EXPL: 2CVE-2019-5010 – python: NULL pointer dereference using a specially crafted X509 certificate
https://notcve.org/view.php?id=CVE-2019-5010
04 Mar 2019 — An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio explotable en el analizador de certificados X509 de Python.org Python versión 2.7.11 / 3.6.6. Un certificado X509 e... • https://github.com/JonathanWilbur/CVE-2019-5010 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 35EXPL: 2CVE-2019-7222 – Kernel: KVM: leak of uninitialized stack contents to guest
https://notcve.org/view.php?id=CVE-2019-7222
16 Feb 2019 — The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. La implementación KVM en el kernel de Linux, hasta la versión 4.20.5, tiene una fuga de información. An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory co... • https://packetstorm.news/files/id/151712 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1CVE-2019-7664 – elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h
https://notcve.org/view.php?id=CVE-2019-7664
09 Feb 2019 — In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). En elfutils 0.175, se intenta realizar un memcpy de tamaño negativo en elf_cvt_note en libelf/note_xlate.h debido a una comprobación de desbordamiento incorrecta. Las entradas elf manipuladas provocan un fallo de segmentación, que conduce a una denegación de servicio (cierre inespera... • https://access.redhat.com/errata/RHSA-2019:2197 • CWE-787: Out-of-bounds Write •