CVSS: 9.3EPSS: 2%CPEs: 5EXPL: 1CVE-2019-5788 – Google Chrome < M73 - FileSystemOperationRunner Use-After-Free
https://notcve.org/view.php?id=CVE-2019-5788
An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Un desbordamiento de enteros que provoca un uso de memoria previamente liberada (use-after-free) en Blink Storage en Google Chrome sobre Linux antes de la versión 73.0.3683.75, permitió que un atacante remoto que había comprometido el proceso del renderizador ejecutara código arbitrario por medio de una página HTML creada. Chrome suffers from a use-after-free vulnerability in FileSystemOperationRunner. • https://www.exploit-db.com/exploits/46571 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/925864 https://access.redhat.com/security/cve/CVE-2019-5788 https://bugzilla.redhat.com/show_bug.cgi?id=1688190 • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free •
CVSS: 7.5EPSS: 33%CPEs: 5EXPL: 1CVE-2019-5796 – Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter
https://notcve.org/view.php?id=CVE-2019-5796
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. La carrera de datos en Extensions Guest View en Google Chrome antes de la versión 73.0.3683.75, permitió a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML creada. There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently in Chrome. • https://www.exploit-db.com/exploits/46566 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/918861 https://access.redhat.com/security/cve/CVE-2019-5796 https://bugzilla.redhat.com/show_bug.cgi?id=1688198 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 1CVE-2019-8934
https://notcve.org/view.php?id=CVE-2019-8934
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. hw/ppc/spapr.c en QEMU, hasta la versión 3.1.0, permite la exposición de información debido a que el hipervisor comparte los atributos del sistema en /proc/device-tree/system-id and /proc/device-tree/model con un invitado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html http://www.openwall.com/lists/oss-security/2019/02/21/1 http://www.securityfocus.com/bid/107115 https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html https://security.netapp.com/advisory/ntap-20190411-0006 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-6778 – QEMU: slirp: heap buffer overflow in tcp_emu()
https://notcve.org/view.php?id=CVE-2019-6778
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. En QEMU 3.0.0, tcp_emu en slirp/tcp_subr.c tiene un desbordamiento de búfer basado en memoria dinámica (heap). A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating the Identification protocol and copying message data to a socket buffer. A user or process could use this flaw to crash the QEMU process on the host resulting in a DoS or potentially executing arbitrary code with privileges of the QEMU process. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html http://www.openwall.com/lists/oss-security/2019/01/24/5 http://www.securityfocus.com/bid/106758 https://access.redhat.com& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3833 – openwsman: Infinite loop in process_connection() allows denial of service
https://notcve.org/view.php?id=CVE-2019-3833
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server. Openwsman, en versiones hasta e incluyendo la 2.6.9, es vulnerable a un bucle infinito en process_connection() al analizar peticiones HTTP especialmente manipuladas. Un atacante remoto no autenticado podría explotar esta vulnerabilidad enviando una petición HTTP especialmente manipulada para provocar una denegación de servicio (DoS) en el servidor openwsman. • http://bugzilla.suse.com/show_bug.cgi?id=1122623 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html http://www.securityfocus.com/bid/107367 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3833 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •