Page 16 of 160 results (0.014 seconds)

CVSS: 5.1EPSS: 0%CPEs: 23EXPL: 0

CVE-2019-2739 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019)

https://notcve.org/view.php?id=CVE-2019-2739

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://access.redhat.com/errata/RHSA-2019:3708 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV https:/ •

CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0

CVE-2019-9959 – poppler: integer overflow in JPXStream::init function leading to memory consumption

https://notcve.org/view.php?id=CVE-2019-9959

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. La función JPXStream::init en Poppler versión 0.78.0 y anteriores, no comprueba los valores negativos de la longitud de la transmisión, lo que conlleva a un Desbordamiento de Enteros, y por lo tanto hace posible asignar una gran fragmento de memoria en la pila, con un tamaño controlado por un atacante, como es demostrado por pdftocairo. • http://www.securityfocus.com/bid/109342 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ZOYOZTGU4RGZW4E63OZ7LW4SMPEWGBV https://lists.fedoraproject • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8EPSS: 0%CPEs: 43EXPL: 22

CVE-2019-13272 – Linux Kernel Improper Privilege Management Vulnerability

https://notcve.org/view.php?id=CVE-2019-13272

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. En el kernel de Linux anterior a versión 5.1.17, ptrace_link en el archivo kernel/ptrace.c maneja inapropiadamente la grabación de las credenciales de un proceso que desea crear una relación de ptrace, que permite a los usuarios locales obtener acceso de root aprovechando determinados escenarios con un relación de proceso padre-hijo, donde un padre elimina los privilegios y llama a execve (permitiendo potencialmente el control por parte de un atacante). • https://www.exploit-db.com/exploits/47133 https://www.exploit-db.com/exploits/47163 https://www.exploit-db.com/exploits/50541 https://www.exploit-db.com/exploits/47543 https://github.com/jas502n/CVE-2019-13272 https://github.com/Cyc1eC/CVE-2019-13272 https://github.com/oneoy/CVE-2019-13272 https://github.com/polosec/CVE-2019-13272 https://github.com/MDS1GNAL/ptrace_scope-CVE-2019-13272-privilege-escalation https://github.com/datntsec/CVE-2019-13272 https://github • CWE-271: Privilege Dropping / Lowering Errors •

CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 0

CVE-2019-12527 – squid: heap-based buffer overflow in HttpHeader::getAuth

https://notcve.org/view.php?id=CVE-2019-12527

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data. Se detectó un problema en Squid versiones 4.0.23 hasta 4.7. Al comprobar la autenticación básica con la función HttpHeader::getAuth, Squid utiliza un búfer global para almacenar los datos descodificados. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html http://www.securityfocus.com/bid/109143 http://www.squid-cache.org/Versions/v4/changesets http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch https://access.redhat.com/errata/RHSA-2019:2593 https://github.com/squid-cache/squid/commits/v4 https://lists.fedoraproject.org/archives/list/package-announce%40li • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0

CVE-2019-13313 – Libosinfo: osinfo-install-script option leaks password via command line argument

https://notcve.org/view.php?id=CVE-2019-13313

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line. libosinfo versión 1.5.0, permite a los usuarios locales descubrir credenciales mediante la enumeración de un proceso, porque las credenciales son pasadas en un script de instalación de osinfo por medio de la línea de comandos. A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing. • http://www.openwall.com/lists/oss-security/2019/07/08/3 https://access.redhat.com/errata/RHSA-2019:3387 https://gitlab.com/libosinfo/libosinfo/-/tags https://gitlab.com/libosinfo/libosinfo/blob/master/NEWS https://libosinfo.org/download https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AZU4IPPIR73NYC6E733QR26O5ZI6MMKJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEZUZKC6YK4E3NXM7XKZOXY5X5PJSPIR https://lists.fedoraproject • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •