CVSS: 5.9EPSS: 0%CPEs: 16EXPL: 1CVE-2019-11045 – DirectoryIterator class silently truncates after a null byte
https://notcve.org/view.php?id=CVE-2019-11045
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. En PHP versiones 7.2.x por debajo de 7.2.26, versiones 7.3.x por debajo de 7.3.13 y 7.4.0, la clase DirectoryIterator de PHP acepta nombres de archivo con \0 byte insertado y los trata como terminando en ese byte. Esto podría conllevar a vulnerabilidades de seguridad, por ejemplo en aplicaciones que comprueban las rutas a las que se permite acceder al código. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html https://bugs.php.net/bug.php?id=78863 https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F https://seclists.org/bugtraq/2020/Feb/27 https://seclists.org/bugtraq/2020/Feb/31 ht • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-170: Improper Null Termination •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-11044 – link() silently truncates after a null byte on Windows
https://notcve.org/view.php?id=CVE-2019-11044
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. En PHP versiones 7.2.x por debajo de 7.2.26, versiones 7.3.x por debajo de 7.3.13 y 7.4.0 en Windows, la función PHP link() acepta nombres de archivo con /0 byte insertado y los trata como terminando en ese byte. Esto podría conllevar a vulnerabilidades de seguridad, por ejemplo en aplicaciones que comprueban las rutas a las que se permite acceder al código. • https://bugs.php.net/bug.php?id=78862 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F https://security.netapp.com/advisory/ntap-20200103-0002 https://www.tenable.com/security/tns-2021-14 • CWE-170: Improper Null Termination •
CVSS: 9.8EPSS: 1%CPEs: 44EXPL: 0CVE-2019-19919 – nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads
https://notcve.org/view.php?id=CVE-2019-19919
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads. Las versiones anteriores a 4.3.0 de handlebars, son vulnerables a la Contaminación de Prototipos conllevando a una ejecución de código remota. Las plantillas pueden alterar las propiedades __proto__ y __defineGetter__ de un Objeto, lo que puede permitir a un atacante ejecutar código arbitrario por medio de cargas útiles diseñadas. A flaw was found in nodejs-handlebars, where it is vulnerable to Prototype Pollution leading to Remote Code Execution. • https://www.npmjs.com/advisories/1164 https://www.tenable.com/security/tns-2021-14 https://access.redhat.com/security/cve/CVE-2019-19919 https://bugzilla.redhat.com/show_bug.cgi?id=1789959 • CWE-471: Modification of Assumed-Immutable Data (MAID) CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2019-19646
https://notcve.org/view.php?id=CVE-2019-19646
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. El archivo pragma.c en SQLite versiones hasta 3.30.1, maneja inapropiadamente NOT NULL en un comando PRAGMA de integrity_check en determinados casos de columnas generadas. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3 https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd https://security.netapp.com/advisory/ntap-20191223-0001 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.sqlite.org https://www.tenable.com/security/tns-2021-14 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-19645
https://notcve.org/view.php?id=CVE-2019-19645
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. El archivo alter.c en SQLite versiones hasta 3.30.1, permite a atacantes activar una recursión infinita por medio de ciertos tipos de vistas autorreferenciales junto con declaraciones ALTER TABLE. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06 https://security.netapp.com/advisory/ntap-20191223-0001 https://usn.ubuntu.com/4394-1 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.tenable.com/security/tns-2021-14 • CWE-674: Uncontrolled Recursion •