CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1CVE-2019-5052
https://notcve.org/view.php?id=CVE-2019-5052
An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de enteros explotable al cargar un archivo PCX en SDL2_image versión 2.0.4. Un archivo especialmente manipulado puede provocar un desbordamiento de enteros, en un espacio asignado demasiado pequeño, lo que puede provocar un desbordamiento de búfer y una posible ejecución de código. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0821 https: • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2019-13164
https://notcve.org/view.php?id=CVE-2019-13164
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. qemu-bridge-helper.c en QEMU versión 3.1 y 4.0.0 no garantiza que un nombre de interfaz de red (obtenido de bridge.conf o una opción --br = bridge) esté limitado al tamaño de IFNAMSIZ, lo que puede llevar a una derivación de ACL. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html http://www.openwall.com/lists/oss-security/2019/07/02/2 http://www.securityfocus.com/bid/109054 https://github.com/qemu/qemu/commit/03d7712b4bcd47bfe0fe14ba2fffa87e111fa086 https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00145.html https://seclists.org/bugtraq/2019/Au •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-13137
https://notcve.org/view.php?id=CVE-2019-13137
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. ImageMagick en versiones anteriores a la 7.0.8-50 tiene una vulnerabilidad de fuga de memoria en la función ReadPSImage in coders/ps. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/35ccb468ee2dcbe8ce9cf1e2f1957acc27f54c34 https://github.com/ImageMagick/ImageMagick/issues/1601 https://github.com/ImageMagick/ImageMagick6/commit/7d11230060fa9c8f67e53c85224daf6648805c7b https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2019-13135 – ImageMagick: a "use of uninitialized value" vulnerability in the function ReadCUTImage leading to a crash and DoS
https://notcve.org/view.php?id=CVE-2019-13135
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. ImageMagick en versiones anteriores a la 7.0.8-50 tiene una vulnerabilidad de "use of uninitialized value" en la función ReadCUTImage in coders/cut.c. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d https://github.com/ImageMagick/ImageMagick/issues/1599 https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://support.f5.com/csp/article/K20336394 https://support.f5.com/csp/article&# • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 5.3EPSS: 1%CPEs: 8EXPL: 0CVE-2019-12781 – Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
https://notcve.org/view.php?id=CVE-2019-12781
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. Se ha descubierto un problema en Django en versiones 1.11 anteriores a la 1.11.22, 2.1, anteriores a la 2.1.10, y 2.2 anteriores 2.2.3. Una petición HTTP no se redirige a HTTPS cuando se usan las configuraciones SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT, y el proxy se conecta a Django a través de HTTPS. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html http://www.openwall.com/lists/oss-security/2019/07/01/3 http://www.securityfocus.com/bid/109018 https://docs.djangoproject.com/en/dev/releases/security https://groups.google.com/forum/#%21topic/django-announce/Is4kLY9ZcZQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL https:/& • CWE-319: Cleartext Transmission of Sensitive Information CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •