CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-16392
https://notcve.org/view.php?id=CVE-2019-16392
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. SPIP versiones anteriores a 3.1.11 y versiones 3.2 anteriores a 3.2.5, permite un ataque de tipo XSS del archivo prive/formulaires/login.php por medio de mensajes de error. • https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028 https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html https://seclists.org/bugtraq/2019/Sep/40 https://usn.ubuntu.com/4536-1 https://www.debian.org/security/2019/dsa-4532 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-16393
https://notcve.org/view.php?id=CVE-2019-16393
SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. SPIP versiones anteriores a 3.1.11 y versiones 3.2 anteriores a 3.2.5, maneja inapropiadamente las URL de redireccionamiento en el archivo ecrire/inc/headers.php con un carácter %0D,%0A o %20. • https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html https://core.spip.net/issues/4362 https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1 https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html https://seclists.org/bugtraq/2019/Sep/40 https://usn.ubuntu.com/4536-1 https://www.debian.org/security/2019/dsa-4532 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-16394
https://notcve.org/view.php?id=CVE-2019-16394
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. SPIP versiones anteriores a 3.1.11 y versiones 3.2 anteriores a 3.2.5, proporciona diferentes mensajes de error desde la página password-reminder dependiendo de si existe una dirección de correo electrónico, que podría ayudar a atacantes para enumerar suscriptores. • https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html https://core.spip.net/issues/4171 https://lists.debian.org/debian-lts-announce/2019/10/msg00038.html https://seclists.org/bugtraq/2019/Sep/40 https://usn.ubuntu.com/4536-1 https://www.debian.org/security/2019/dsa-4532 https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 82EXPL: 1CVE-2019-14835 – kernel: vhost-net: guest to host kernel escape during migration
https://notcve.org/view.php?id=CVE-2019-14835
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Se encontró un fallo de desbordamiento de búfer, en las versiones desde 2.6.34 hasta 5.2.x, en la manera en que la funcionalidad vhost del kernel de Linux que traduce los búferes virtueue en IOV, registraba los descriptores del búfer durante una migración. Un usuario invitado privilegiado capaz de pasar descriptores con una longitud no válida hacia el host cuando la migración está en marcha, podría usar este fallo para aumentar sus privilegios sobre el host. A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2019-16239
https://notcve.org/view.php?id=CVE-2019-16239
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. La función process_http_response en OpenConnect versiones anteriores a 8.05, presenta un desbordamiento de búfer cuando un servidor malicioso utiliza la codificación fragmentada HTTP con tamaños de fragmento especialmente diseñados. • http://lists.infradead.org/pipermail/openconnect-devel/2019-September/005412.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00061.html https://lists.debian.org/debian-lts-announce/2019/10/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX56KYWC7X4ETV4P6HGJC7GZUEBITBBS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDMZGNBLZZKAGB • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •