CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0CVE-2019-0223 – qpid-proton: TLS Man in the Middle Vulnerability
https://notcve.org/view.php?id=CVE-2019-0223
23 Apr 2019 — While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic. Mientras investigábamos el error PROTON-2014, descubrimos que en algunas circ... • http://www.openwall.com/lists/oss-security/2019/04/23/4 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 9.8EPSS: 1%CPEs: 41EXPL: 0CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization
https://notcve.org/view.php?id=CVE-2019-9636
08 Mar 2019 — Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed c... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html • CWE-172: Encoding Error •
CVSS: 7.0EPSS: 0%CPEs: 55EXPL: 1CVE-2019-6454 – systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash
https://notcve.org/view.php?id=CVE-2019-6454
18 Feb 2019 — An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). Se ha descubierto un problema en sd-bus en... • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 4%CPEs: 60EXPL: 4CVE-2019-6974 – Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference
https://notcve.org/view.php?id=CVE-2019-6974
15 Feb 2019 — In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. En el kernel de Linux en versiones anteriores a la 4.20.8, kvm_ioctl_create_device en virt/kvm/kvm_main.c gestiona de manera incorrecta el conteo de referencias debido a una condición de carrera, lo que conduce a un uso de memoria previamente liberada. A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor imp... • https://packetstorm.news/files/id/151690 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 1CVE-2018-16864 – systemd: stack overflow when calling syslog from a command with long cmdline
https://notcve.org/view.php?id=CVE-2018-16864
09 Jan 2019 — An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. Se ha descubierto una asignación de memoria sin límites, que podría resultar en que la pila choque con otra región de memoria, en systemd-journald, cuando un programa con argumento... • http://www.openwall.com/lists/oss-security/2021/07/20/2 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 2%CPEs: 20EXPL: 2CVE-2018-16865 – systemd: stack overflow when receiving many journald entries
https://notcve.org/view.php?id=CVE-2018-16865
09 Jan 2019 — An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. Se ha descubierto una asignación de memoria sin límites que podría resultar en que la pila choque con otra región de memoria, ... • https://packetstorm.news/files/id/152841 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 2CVE-2018-18397 – kernel: userfaultfd bypasses tmpfs file permissions
https://notcve.org/view.php?id=CVE-2018-18397
12 Dec 2018 — The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. La implementación de userfaultfd en el kernel de Linux en versiones anteriores a la 4.17 gestiona de manera incorrecta para ciertas llamadas ioctl UFFDIO_, tal y como queda demos... • https://packetstorm.news/files/id/150748 • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 9%CPEs: 30EXPL: 0CVE-2018-18311 – perl: Integer overflow leading to buffer overflow in Perl_my_setenv()
https://notcve.org/view.php?id=CVE-2018-18311
30 Nov 2018 — Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0.x anteriores a la 5.28.1, tiene un desbordamiento de búfer mediante una expresión regular manipulada que desencadena operaciones inválidas de escritura. Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of se... • http://seclists.org/fulldisclosure/2019/Mar/49 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-14646 – kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service
https://notcve.org/view.php?id=CVE-2018-14646
26 Nov 2018 — The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. El kernel de Linux en versiones anteriores a la 4.15-rc8 era vulnerable a un error de desreferencia de puntero NULL en la función __netlink_ns_capable() en el archivo net/netlink/af_netlink.c. Un atacante loc... • https://access.redhat.com/errata/RHSA-2018:3651 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 18EXPL: 0CVE-2018-12389 – Mozilla: Memory safety bugs fixed in Firefox ESR 60.3
https://notcve.org/view.php?id=CVE-2018-12389
25 Oct 2018 — Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox ESR 60.2. Algunos de estos errores mostraban evidencias de corrupción ... • http://www.securityfocus.com/bid/105723 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •