CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2019-3838 – ghostscript: forceput in DefineResource is still accessible (700576)
https://notcve.org/view.php?id=CVE-2019-3838
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Se ha observado que el operador forceput podía ser extraído del método DefineResource en ghostscript en las versiones anteriores a la 9.27. Un archivo PostScript especialmente manipulado podría explotar este error, por ejemplo, para obtener acceso al sistema de archivos fuera de las restricciones impuestas por -dSAFER. It was found that the forceput operator could be extracted from the DefineResource method. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00018.html http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:0971 https://bugs.ghostscript.com/show_bug.cgi?id=700576 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838 https://lists.debian.org/debian-lts-announce/2 • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2018-20784 – kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service
https://notcve.org/view.php?id=CVE-2018-20784
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. En el kernel de Linux, en versiones anteriores a la 4.20.2, kernel/sched/fair.c gestiona leaf cfs_rq de manera incorrecta, lo que permite que los atacantes provoquen una denegación de servicio (bucle infinito en update_blocked_averages) o, posiblemente, otro impacto sin especificar induciendo una carga alta. The CFS Linux kernel scheduler mishandles handling of leaf cfs_rq's in the kernel/sched/fair.c code, which allows a local unprivileged attacker to cause a denial of service (DoS) by entering an infinite loop in update_blocked_averages() function by inducing a high load on a system. Due to the nature of the flaw, a remote network attack (by initiating a magnitude of remote requests) cannot be fully ruled out. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c40f7d74c741a907cfaeb73a7697081881c497d0 https://access.redhat.com/errata/RHSA-2019:1959 https://access.redhat.com/errata/RHSA-2019:1971 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.2 https://github.com/torvalds/linux/commit/c40f7d74c741a907cfaeb73a7697081881c497d0 https://usn.ubuntu.com/4115-1 https://usn.ubuntu.com/4118-1 https://usn.ubuntu.com/4211-1 https://usn.ubuntu.com/4211-2 https: • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2019-8912 – kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr
https://notcve.org/view.php?id=CVE-2019-8912
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. En el kernel de Linux, hasta la versión 4.20.11, af_alg_release() en crypto/af_alg.c no establece un valor NULL para cierto miembro de estructura, lo que conduce a un uso de memoria previamente liberada en sockfs_setattr. In the Linux kernel af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free (UAF) in sockfs_setattr. A local attacker can use this flaw to escalate privileges and take control of the system. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html http://patchwork.ozlabs.org/patch/1042902 http://www.securityfocus.com/bid/107063 https://access.redhat.com/errata/RHSA-2020:0174 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-8912 https://usn.ubuntu.com/3930-1 https://usn.ubuntu.com/3930-2 https://usn.ubuntu.com/3931-1 https://usn.ubuntu.com/3931-2 https://access.redhat.com/security/cve/CVE-2019-8912 https://bugzilla.redhat.c • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-19215
https://notcve.org/view.php?id=CVE-2018-19215
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters. Netwide Assembler (NASM) 2.14rc16 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en expand_mmac_params en asm/preproc.c para los casos especiales de los caracteres % y $. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html https://bugzilla.nasm.us/show_bug.cgi?id=3392525 https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-19214
https://notcve.org/view.php?id=CVE-2018-19214
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. Netwide Assembler (NASM) 2.14rc15 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en expand_mmac_params en asm/preproc.c para las entradas insuficientes. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html https://bugzilla.nasm.us/show_bug.cgi?id=3392521 https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354 • CWE-125: Out-of-bounds Read •