CVE-2019-10086 – apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
https://notcve.org/view.php?id=CVE-2019-10086
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. En Apache Commons Beanutils 1.9.2, se agregó una clase especial BeanIntrospector que permite suprimir la capacidad de un atacante para acceder al cargador de clases a través de la propiedad de clase disponible en todos los objetos Java. Sin embargo, no se esta usando esta característica por defecto de PropertyUtilsBean. A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e https://access.redhat.com/errata/RHSA-2019:4317 https://access.redhat.com/errata/RHSA-2020:0057 https://access.redhat.com/errata/RHSA-2020:0194 https://access.redhat.com/errata/RHSA-2020:0804 https://access.redhat.com/errata/RHSA-2020:0805 https://access.redhat.com/errata/RHSA-2020:0806 • CWE-502: Deserialization of Untrusted Data •
CVE-2019-9514 – Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9514
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Algunas implementaciones de HTTP / 2 son vulnerables a una inundación de reinicio, lo que puede conducir a una denegación de servicio. El atacante abre una serie de secuencias y envía una solicitud no válida sobre cada secuencia que debería solicitar una secuencia de tramas RST_STREAM del par. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-09 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2019-10216 – ghostscript: -dSAFER escape via .buildfont1 (701394)
https://notcve.org/view.php?id=CVE-2019-10216
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas. En ghostscript anterior a la versión 9.50, el procedimiento .buildfont1 no aseguraba adecuadamente sus llamadas privilegiadas, permitiendo que los scripts eludieran las restricciones `-dSAFER`. Un atacante podría abusar de esta fallo al crear un archivo PostScript especialmente diseñado que podría escalar privilegios y acceder a archivos fuera de las áreas restringidas. It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216 https://security.gentoo.org/glsa/202004-03 https://access.redhat.com/security/cve/CVE-2019-10216 https://bugzilla.redhat.com/show_bug.cgi?id=1737080 • CWE-648: Incorrect Use of Privileged APIs •
CVE-2019-1125 – Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1125
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM. • https://www.exploit-db.com/exploits/48071 http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHBA-2019:3248 https://access.redhat.com/errata/RHSA-2019:2600 https://access.redhat.com/errata/RHSA-2019:2609 https://access.redhat.com/errata/RHSA-2019:2695 https://access.redhat.com/errata/RHS • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-14744 – kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction
https://notcve.org/view.php?id=CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. En KDE Frameworks KConfig en versiones anteriores a 5.61.0, los archivos de escritorio y los archivos de configuración maliciosos conllevan a la ejecución de código con una interacción mínima del usuario. Esto se relaciona con el archivo libKF5ConfigCore.so y el manejo inapropiado de archivos .desktop y .directory, como es demostrado por un comando de shell en una línea Icon en un archivo .desktop. A flaw was found in the KDE Frameworks KConfig prior to version 5.61.0. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00034.html http://packetstormsecurity.com/files/153981/Slackware-Security-Advisory-kdelibs-Updates.html https://access.redhat.com/errata/RHSA-2019:2606 https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt https://lists.deb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-454: External Initialization of Trusted Variables or Data Stores •