CVE-2019-5789 – Google Chrome < M73 - MidiManagerWin Use-After-Free
https://notcve.org/view.php?id=CVE-2019-5789
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Chrome suffers from a use-after-free vulnerability in MidiManagerWin.
• https://www.exploit-db.com/exploits/46570
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
• https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
• https://crbug.com/921581
• https://access.redhat.com/security/cve/CVE-2019-5789
• https://bugzilla.redhat.com/show_bug.cgi?id=1688191
• CWE-190: Integer Overflow or Wraparound
• CWE-416: Use After Free
CVE-2019-5788 – Google Chrome < M73 - FileSystemOperationRunner Use-After-Free
https://notcve.org/view.php?id=CVE-2019-5788
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Chrome suffers from a use-after-free vulnerability in FileSystemOperationRunner.
• https://www.exploit-db.com/exploits/46571
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
• https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
• https://crbug.com/925864
• https://access.redhat.com/security/cve/CVE-2019-5788
• https://bugzilla.redhat.com/show_bug.cgi?id=1688190
• CWE-190: Integer Overflow or Wraparound
• CWE-416: Use After Free
CVE-2019-5796 – Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter
https://notcve.org/view.php?id=CVE-2019-5796
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently in Chrome.
• https://www.exploit-db.com/exploits/46566
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
• https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
• https://crbug.com/918861
• https://access.redhat.com/security/cve/CVE-2019-5796
• https://bugzilla.redhat.com/show_bug.cgi?id=1688198
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
• CWE-787: Out-of-bounds Write
CVE-2019-8934
https://notcve.org/view.php?id=CVE-2019-8934
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html
• http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html
• http://www.openwall.com/lists/oss-security/2019/02/21/1
• http://www.securityfocus.com/bid/107115
• https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html
• https://security.netapp.com/advisory/ntap-20190411-0006
• CWE-668: Exposure of Resource to Wrong Sphere
CVE-2019-6778 – QEMU: slirp: heap buffer overflow in tcp_emu()
https://notcve.org/view.php?id=CVE-2019-6778
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in the tcp_emu() routine while emulating the Identification protocol and copying message data to a socket buffer. A user or process could use this flaw to crash the QEMU process on the host, resulting in a DoS or potentially executing arbitrary code with privileges of the QEMU process.
• http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html
• http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html
• http://www.openwall.com/lists/oss-security/2019/01/24/5
• http://www.securityfocus.com/bid/106758
• https://access.redhat.com&
• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write