CVE-2019-5094 – e2fsprogs: Crafted ext4 partition leads to out-of-bounds write
https://notcve.org/view.php?id=CVE-2019-5094
An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
• https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY
• https://seclists.org/bugtraq/2019/Sep/58
• https://security.gentoo.org/glsa/202003-05
• https://security.netapp.com/advisory/ntap-20200115-0002
• https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887
• htt
• CWE-787: Out-of-bounds Write
CVE-2019-12068
https://notcve.org/view.php?id=CVE-2019-12068
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html
• http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html
• https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08
• https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
• https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html
• https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
• https://security-tracker.debian.org/tracker/CVE-2019-12068
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-16746 – kernel: buffer-overflow hardening in WiFi beacon validation code.
https://notcve.org/view.php?id=CVE-2019-16746
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. A flaw in the Linux kernel's WiFi beacon validation code was discovered.
• https://github.com/uthrasri/CVE-2019-16746
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
• http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
• http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
• https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
• https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorap
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-16729
https://notcve.org/view.php?id=CVE-2019-16729
pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.
• https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
• https://lists.debian.org/debian-lts-announce/2019/11/msg00020.html
• https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe
• https://tracker.debian.org/news/1066790/accepted-pam-python-107-1-source-amd64-all-into-unstable
• https://usn.ubuntu.com/4552-1
• https://usn.ubuntu.com/4552-2
• https://www.debian.org/security/2019/dsa-4555
CVE-2019-16680 – file-roller: path traversal vulnerability via a specially crafted filename contained in malicious archive
https://notcve.org/view.php?id=CVE-2019-16680
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. A path traversal vulnerability was discovered in the file-roller (Archive Manager for GNOME) in the way file paths with special characters are sanitized.
• https://bugzilla.gnome.org/show_bug.cgi?id=794337
• https://bugzilla.redhat.com/show_bug.cgi?id=1767594
• https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2
• https://gitlab.gnome.org/GNOME/file-roller/commit/e8fb3e24dae711e4fb0d6777e0016cdda8787bc1
• https://lists.debian.org/debian-lts-announce/2019/09/msg00032.html
• https://seclists.org/bugtraq/2019/Sep/57
• https://usn.ubuntu.com/4139-1
• https://www.debian.org/security/2019/dsa-4537
• https://access.redhat.com/secur
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')