CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 2CVE-2019-9811 – Mozilla Firefox Language Pack XUL Injection Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2019-9811
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Como parte de una entrada Pwn2Own ganadora, un investigador demostró un escape del sandbox mediante la instalación de un paquete de idioma malicioso y luego abriendo una funcionalidad del navegador que usaba la traducción comprometida. Esta vulnerabilidad afecta a Firefox ESR anterior a versión 60.8, Firefox anterior a versión 68 y Thunderbird anterior a versión 60.8. This vulnerability allows remote attackers to escape the sandbox on affected installations of Mozilla Firefox. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html https://bugzilla.mozilla.org/show_bug.cgi?id=1538007 https://bugzilla.mozilla.org/show_bug.cgi?id=1539598 https://bugzilla.mozil • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 8.8EPSS: 2%CPEs: 10EXPL: 0CVE-2019-11338
https://notcve.org/view.php?id=CVE-2019-11338
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data. libavcodec/hevcdec.c en FFmpeg versión 3.4 y versión 4.1.2 maneja de forma incorrecta la detección de los primeros cortes duplicados, lo que permite a los atacantes remotos causar una denegación de servicio (desreferencia de puntero NULL y acceso fuera de límites) o posiblemente tener otro impacto no especificado a través de datos HEVC diseñados. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html http://www.securityfocus.com/bid/108034 https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e https://github.com/FFmpeg/FFmpeg/commit/9ccc633068c6fe76989f487c8932bd11886ad65b https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html https://seclists.org/bugtraq/2019/May/60 https://usn.ubuntu.com/3967-1 https://usn.ubuntu.com/4431-1 https://www.debian.org/security/2019/dsa-4449 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9267 – eDirectory LDAP peer certificate validation issue
https://notcve.org/view.php?id=CVE-2017-9267
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. En Novell eDirectory, en versiones anteriores a la 9.0.3.1, la interfaz LDAP no imponía de forma estricta las restricciones de cifrado, lo que permite que cifrados débiles se empleen durante las operaciones SSL BIND. • https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-9277 – existing connection is being used even though eDirectory LDAP server is upgraded to EBA
https://notcve.org/view.php?id=CVE-2017-9277
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. El backend LDAP en Novell eDirectory, en versiones anteriores a la 9.0 SP4, al cambiar a EBA (Enhanced Background Authentication) mantenía las conexiones abiertas sin EBA. • https://bugzilla.suse.com/show_bug.cgi?id=1005473 https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html https://www.novell.com/support/kb/doc.php?id=7016794 •
CVSS: 7.5EPSS: 64%CPEs: 13EXPL: 0CVE-2017-13704
https://notcve.org/view.php?id=CVE-2017-13704
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. En las versiones anteriores a la 2.78 de dnsmasq, si el tamaño del paquete DNS no coincide con el tamaño esperado, el parámetro size en una llamada memset obtiene un valor negativo. Como es un valor sin signo, memset acaba escribiendo hasta 0xffffffff ceros (0xffffffffffffffff en plataformas de 64 bits), haciendo que dnsmasq se cierre de manera inesperada. • http://thekelleys.org.uk/dnsmasq/CHANGELOG http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=63437ffbb58837b214b4b92cb1c54bc5f3279928 http://www.securityfocus.com/bid/101085 http://www.securityfocus.com/bid/101977 http://www.securitytracker.com/id/1039474 https://access.redhat.com/security/vulnerabilities/3199382 https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TK6DWC53WSU6633EVZL7H4PCWBYHMHK https:& • CWE-20: Improper Input Validation •