Page 22 of 455 results (0.010 seconds)

CVSS: 8.2EPSS: 0%CPEs: 11EXPL: 0

CVE-2019-8308 – flatpak: potential /proc based sandbox escape

https://notcve.org/view.php?id=CVE-2019-8308

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. Flatpak, en versiones anteriores a la 1.0.7 y en versiones 1.1.x y 1.2.x anteriores a la 1.2.3, expone /proc en el sandbox de script apply_extra, lo que permite que los atacantes modifiquen un archivo ejecutable del lado del host. A flaw was found in flatpak. In certain special cases, installing flatpak applications and runtimes system-wide may allow an attacker to escape the flatpak sandbox. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html https://access.redhat.com/errata/RHSA-2019:0375 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059 https://github.com/flatpak/flatpak/releases/tag/1.0.7 https://github.com/flatpak/flatpak/releases/tag/1.2.3 https://access.redhat.com/security/cve/CVE-2019-8308 https://bugzilla.redhat.com/show_bug.cgi?id=1675070 • CWE-668: Exposure of Resource to Wrong Sphere CWE-672: Operation on a Resource after Expiration or Release •

CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 2

CVE-2019-7665 – elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c

https://notcve.org/view.php?id=CVE-2019-7665

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. En elfutils 0.175, existe una sobrelectura de búfer basada en memoria dinámica (heap) en la función elf32_xlatetom en elf32_xlatetom.c. Una entrada ELF manipulada puede provocar un fallo de segmentación que conduce a una denegación de servicio (cierre inesperado del programa) debido a que ebl_core_note no rechaza las notas de archivo core mal formadas. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://access.redhat.com/errata/RHSA-2019:3575 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=24089 https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html https://usn.ubuntu.com/4012-1 https://access.redhat.com&#x • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 1

CVE-2019-7548 – python-sqlalchemy: SQL Injection when the group_by parameter can be controlled

https://notcve.org/view.php?id=CVE-2019-7548

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. SQLAlchemy 1.2.17 tiene una inyección SQL cuando el parámetro group_by se puede controlar. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html https://access.redhat.com/errata/RHSA-2019:0981 https://access.redhat.com/errata/RHSA-2019:0984 https://github.com/no-security/sqlalchemy_test https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518 https://lists.debian.org/debian-lts-announce/2019/03/msg0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1

CVE-2019-7310 – poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc

https://notcve.org/view.php?id=CVE-2019-7310

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. En la versión 0.73.0 de Poppler, una sobrelectura de búfer (debido a un error en la propiedad signedness de un número entero en la función XRef::getEntry function en XRef.cc) basada en memoria dinámica (heap) permite a los atacantes remotos causar una denegación de servicio (cierre inesperado de la aplicación) o, potencialmente, otro impacto no especificado mediante un documento PDF manipulado, tal y como queda demostrado con pdftocairo. • http://www.securityfocus.com/bid/106829 https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797 https://gitlab.freedesktop.org/poppler/poppler/issues/717 https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2 • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •

CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0

CVE-2018-18506 – Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied

https://notcve.org/view.php?id=CVE-2018-18506

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. Cuando la autodetección del proxy está habilitada, si un servidor web proporciona un archivo de autoconfiguración de proxy (PAC) o si dicho archivo se carga localmente, este último puede especificar peticiones al host local que están destinadas a enviarse a través del proxy hacia otro servidor. Este comportamiento está prohibido por defecto cuando un proxy se configura manualmente. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html http://www.securityfocus.com/bid/106773 https://access.redhat.com/errata/RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0623 https://access.redhat.com/errata/RHSA-2019:0680 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •