CVE-2019-5801
https://notcve.org/view.php?id=CVE-2019-5801
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. La eliminación incorrecta de las URL en Omnibox en Google Chrome en iOS antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara una suplantación de dominio por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/921390 • CWE-20: Improper Input Validation •
CVE-2019-5790 – chromium-browser: Heap buffer overflow in V8
https://notcve.org/view.php?id=CVE-2019-5790
An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Un desbordamiento de enteros que provoca una capacidad incorrecta de un búfer en JavaScript en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara código arbitrario dentro de un sandbox por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/914736 https://access.redhat.com/security/cve/CVE-2019-5790 https://bugzilla.redhat.com/show_bug.cgi?id=1688192 • CWE-190: Integer Overflow or Wraparound •
CVE-2019-5798 – chromium-browser: Out of bounds read in Skia
https://notcve.org/view.php?id=CVE-2019-5798
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. La falta de comprobación de límites correcta en Skia en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara una lectura de memoria fuera de límites por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://access.redhat.com/errata/RHSA-2019:1308 https://access.redhat.com/errata/RHSA-2019:1309 https://access.redhat.com/errata/RHSA-2019:1310 https://chromereleases.googleblog.com/2019/03/stable-ch • CWE-125: Out-of-bounds Read •
CVE-2019-7524 – dovecot: Buffer overflow in indexer-worker process results in privilege escalation
https://notcve.org/view.php?id=CVE-2019-7524
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. En Dovecot, en versiones anteriores a la 2.2.36.3 y en las 2.3.x anteriores a la 2.3.5.1, un atacante local puede provocar un desbordamiento de búfer en el proceso "indexer-worker", que se podría utilizar para elevar a root. Esto ocurre debido a la falta de comprobaciones en los componentes fts y pop3-uidl. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html http://www.openwall.com/lists/oss-security/2019/03/28/1 http://www.securityfocus.com/bid/107672 https://dovecot.org/list/dovecot-news/2019-March/000403.html https://dovecot.org/security.html https://lists.debian.org/debian-lts-announce/2019/03/msg00038.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.o • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-284: Improper Access Control •
CVE-2019-1787 – Clam AntiVirus PDF Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1787
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. Una vulnerabilidad en la funcionalidad de escaneo del PDF (Portable Document Format) en las versiones de software 0.101.1 y anteriores de Clam AntiVirus (ClamAV), podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00064.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12181 https://lists.debian.org/debian-lts-announce/2019/04/msg00019.html https://security.gentoo.org/glsa/201904-12 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •