CVE-2019-10182 – icedtea-web: path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwrite
https://notcve.org/view.php?id=CVE-2019-10182
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user. Se descubrió que icedtea-web, aunque 1.7.2 y 1.8.2 no desinfectaban correctamente las rutas de los elementos en los archivos JNLP. Un atacante podría engañar a una víctima para que ejecute una aplicación especialmente diseñada y usar esta fallo para cargar archivos arbitrarios en ubicaciones arbitrarias en el contexto del usuario. It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10182 https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327 https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344 https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html https://seclists.org/bugtraq/2019/Oct/5 https://access.redhat.com/security/cv • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2019-10153 – fence-agents: mis-handling of non-ASCII characters in guest comment fields
https://notcve.org/view.php?id=CVE-2019-10153
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member. Se detectó un fallo en fence-agents, anterior a versión 4.3.4, donde el uso de caracteres no ASCII en un comentario de una Máquina Virtual invitada u otros campos causaría que fence_rhevm salga con una excepción. En entornos de clúster, esto podría conllevar a impedir una recuperación automatizada o por otra parte denegar el servicio a los clústeres de los que esa Máquina Virtual es miembro. • https://access.redhat.com/errata/RHSA-2019:2037 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153 https://github.com/ClusterLabs/fence-agents/pull/255 https://github.com/ClusterLabs/fence-agents/pull/272 https://access.redhat.com/security/cve/CVE-2019-10153 https://bugzilla.redhat.com/show_bug.cgi?id=1716286 • CWE-172: Encoding Error •
CVE-2019-11775 – JDK: Failure to privatize a value pulled out of the loop by versioning
https://notcve.org/view.php?id=CVE-2019-11775
All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems. Todas las compilaciones de OpenJ9 de Eclipse anteriores a versión 0.15, contienen un bug donde el versionador de bucle puede fallar al privatizar un valor que se extrae del bucle mediante el versionado – por ejemplo, si hay una condición que es movida fuera del bucle que lee un campo no podemos privatizar el valor de ese campo en la copia modificada del bucle permitiendo a la prueba visualizar un valor del campo y posteriormente el bucle para visualizar un valor del campo modificado sin volver a probar la condición movida fuera del bucle. Esto puede conllevar a una variedad de problemas diferentes, pero la lectura fuera de límites de la matriz es una consecuencia importante de estos problemas. • https://access.redhat.com/errata/RHSA-2019:2494 https://access.redhat.com/errata/RHSA-2019:2495 https://access.redhat.com/errata/RHSA-2019:2585 https://access.redhat.com/errata/RHSA-2019:2590 https://access.redhat.com/errata/RHSA-2019:2592 https://access.redhat.com/errata/RHSA-2019:2737 https://bugs.eclipse.org/bugs/show_bug.cgi?id=549601 https://access.redhat.com/security/cve/CVE-2019-11775 https://bugzilla.redhat.com/show_bug.cgi?id=1738549 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2018-16871 – kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
https://notcve.org/view.php?id=CVE-2018-16871
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. Se detectó un fallo en la implementación de NFS del kernel de Linux, todas las versiones 3.x y todas las versiones 4.x hasta 4.20. • https://access.redhat.com/errata/RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2020:0740 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871 https://security.netapp.com/advisory/ntap-20211004-0002 https://support.f5.com/csp/article/K18657134 https://support.f5.com/csp/article/K18657134?utm_source=f5support&%3Butm_medium=RSS https://access.redhat.com/security/cve/CVE-2018-16871 https://bugzilla.redhat.com/show_b • CWE-476: NULL Pointer Dereference •
CVE-2019-8689 – Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform
https://notcve.org/view.php?id=CVE-2019-8689
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. Múltiples problemas de corrupción de memoria fueron abordados mejorando el manejo de la memoria. Este problema es corregido en iOS versión 12.4, macOS Mojave versión 10.14.6, tvOS versión 12.4, watchOS versión 5.3, Safari versión 12.1.2, iTunes para Windows versión 12.9.6, iCloud para Windows versión 7.13, iCloud para Windows versión 10.6. • https://www.exploit-db.com/exploits/47316 https://support.apple.com/HT210346 https://support.apple.com/HT210348 https://support.apple.com/HT210351 https://support.apple.com/HT210353 https://support.apple.com/HT210355 https://support.apple.com/HT210356 https://support.apple.com/HT210357 https://support.apple.com/HT210358 https://access.redhat.com/security/cve/CVE-2019-8689 https://bugzilla.redhat.com/show_bug.cgi?id=1876657 • CWE-787: Out-of-bounds Write •