CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2019-9209
https://notcve.org/view.php?id=CVE-2019-9209
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. En Wireshark, desde la versión 2.4.0 hasta la 2.4.12 y desde la 2.6.0 hasta la 2.6.6, el disector ASN.1 BER y relacionados podrían cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-ber.c, previniendo un desbordamiento de búfer asociado con dígitos excesivos en los valores de tiempo. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107203 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f8fbe9f934d65b2694fa74622e5eb2e1dc8cd20b https://lists.debian.org/debian-lts-announce/2019/03/msg00031.html https:/ • CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3824
https://notcve.org/view.php?id=CVE-2019-3824
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. Se ha detectado un fallo en la manera en la que una expresión de búsqueda LDAP podría provocar el cierre inesperado del proceso del servidor LDAP de un AD DC de samba en samba en versiones anteriores a la 4.10. Un usuario autenticado con permisos de lectura en el servidor LDAP podría aprovechar este fallo para provocar una denegación de servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00035.html http://www.securityfocus.com/bid/107347 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3824 https://bugzilla.samba.org/show_bug.cgi?id=13773 https://lists.debian.org/debian-lts-announce/2019/03/msg00000.html https://security.netapp.com/advisory/ntap-20190226-0001 https://usn.ubuntu.com/3895-1 https://www.debian.org/security/2019/dsa-4397 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2019-9210 – advancecomp: integer overflow in png_compress in pngex.cc
https://notcve.org/view.php?id=CVE-2019-9210
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) En la versión 2.1 de AdvanceCOMP, png_compress en pngex.cc en advpng tiene un desbordamiento de enteros, al encontrarse con un tamaño de PNG inválido, lo que conduce a que un memcpy intente escribirse en un búfer que es demasiado pequeño. (Hay, también, una sobrelectura de búfer basada en memoria dinámica o heap). • https://lists.debian.org/debian-lts-announce/2019/03/msg00004.html https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R56LVWC7KUNXFRKQB3Y5NX2YHFJKYZB4 https://sourceforge.net/p/advancemame/bugs/277 https://usn.ubuntu.com/3936-1 https://usn.ubuntu.com/3936-2 https://access.redhat.com/security/cve/CVE-2019-9210 https://bugzilla.redhat.com/show_bug.cgi?id=1684596 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 2CVE-2019-9200 – poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc
https://notcve.org/view.php?id=CVE-2019-9200
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Existe un "infraescritura" de búfer basado en memoria dinámica (heap) en mageStream::getLine() en Stream.cc en la versión 0.74.0 de Poppler que puede, por ejemplo, desencadenarse mediante el envío de un archivo PDF manipulado al binario pdfimages. Permite a un atacante provocar una denegación de servicio (fallo de segmentación) o tener otro impacto no especificado. • http://www.securityfocus.com/bid/107172 https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/issues/728 https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS https://lists.fedoraproject.org/archives/list/packag • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 1%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html http://www.securityfocus.com/bid/107174 https://access. • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •