CVSS: 9.8EPSS: 1%CPEs: 45EXPL: 0CVE-2019-10126 – kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
https://notcve.org/view.php?id=CVE-2019-10126
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. Se encontró un defecto en el kernel de Linux. Un desbordamiento de búfer en la región heap de la memoria en la función mwifiex_uap_parse_tail_ies en el archivo drivers/net/wireless/marvell/mwifiex/ie.c, podría provocar corrupción de la memoria y posiblemente otras consecuencias. A flaw was found in the mwifiex implementation in the Linux kernel. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://www.securityfocus.com/bid/108817 https://access.redhat.com/errat • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.9EPSS: 0%CPEs: 26EXPL: 0CVE-2019-0197 – httpd: mod_http2: possible crash on late upgrade
https://notcve.org/view.php?id=CVE-2019-0197
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue. Una vulnerabilidad fue encontrada en Apache HTTP Server 2.4.34 hasta 2.4.38 y clasificada como problemática. Cuando se habilitó HTTP / 2 para un http: host o H2Upgrade se habilitó para h2 en un https: host, una solicitud de actualización de http / 1.1 a http / 2 que no fue la primera solicitud en una conexión podría provocar una mala configuración y un fallo. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html http://www.openwall.com/lists/oss-security/2019/04/02/2 http://www.securityfocus.com/bid/107665 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3935 https://httpd.apac • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2019-12749 – dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass
https://notcve.org/view.php?id=CVE-2019-12749
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. dbus anterior a versión 1.10.28, versión 1.12.x anterior a 1.12.16, y versión 1.13.x anterior a 1.13.12, como es usado en DBusServer en Canonst Upstart en Ubuntu versión 14.04 (y en algunos usos menos comunes de demonio dbus), permite suplantación de identidad de cookie debido al manejo inapropiado de enlaces simbólicos (symlink) en la implementación de referencia de DBUS_COOKIE_SHA1 en la biblioteca libdbus. (Esto solo afecta el mecanismo de autenticación DBUS_COOKIE_SHA1). • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html http://www.openwall.com/lists/oss-security/2019/06/11/2 http://www.securityfocus.com/bid/108751 https://access.redhat.com/errata/RHSA-2019:1726 https://access.redhat.com/errata/RHSA-2019:2868 https://access.redhat.com/errata/RHSA-2019:2870 https://access.red • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 2CVE-2019-12387 – python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods
https://notcve.org/view.php?id=CVE-2019-12387
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. En las versiones anteriores a 19.2.1. de Twisted, twisted.web no validó ni saneó los URIs o los métodos HTTP, permitiendo que un atacante inyecte caracteres no válidos tales como CRLF. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00042.html https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2 https://labs.twistedmatrix.com/2019/06/twisted-1921-released.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2G5RPDQ4BNB336HL6WW5ZJ344MAWNN7N https://twistedmatrix.com/pipermail/twisted-python/2019-June/032352.html https://usn.ubuntu.com/4308-1 htt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-2101
https://notcve.org/view.php?id=CVE-2019-2101
In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. • http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html https://source.android.com/security/bulletin/2019-06-01 https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4118-1 • CWE-125: Out-of-bounds Read •