CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2019-9637 – php: File rename across filesystems may allow unwanted access during processing
https://notcve.org/view.php?id=CVE-2019-9637
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. Se ha detectado un fallo en PHP en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Debido a la manera en la que "rename()" se implementa en los sistemas de archivos es posible que el archivo que se está renombrado esté brevemente disponible con los permisos incorrectos mientras que dicho proceso siga en curso, habilitando el acceso a los datos a usuarios no autenticados. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77630 https://lists.debian.org/debian-lts-announce/2019/03/msg0 • CWE-264: Permissions, Privileges, and Access Controls CWE-266: Incorrect Privilege Assignment •
CVSS: 9.8EPSS: 1%CPEs: 41EXPL: 0CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization
https://notcve.org/view.php?id=CVE-2019-9636
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.securityfocus.com/bid/107400 https://access. • CWE-172: Encoding Error •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 4CVE-2019-9213 – Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem
https://notcve.org/view.php?id=CVE-2019-9213
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. En el kernel de Linux, en versiones anteriores a la 4.20.14, expand_downwards en mm/mmap.c carece de una comprobación para la dirección mínima de mmap, lo que facilita que los atacantes exploten desreferencias de puntero NULL en el kernel en plataformas que no son SMAP. Esto esto está relacionado con una comprobación de capacidades para la tarea equivocada. A flaw was found in mmap in the Linux kernel allowing the process to map a null page. • https://www.exploit-db.com/exploits/46502 https://www.exploit-db.com/exploits/47957 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1 http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html http://www.securityfocus.com/bid/107296 https&# • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 7CVE-2019-9023 – php: Heap-based buffer over-read in mbstring regular expression functions
https://notcve.org/view.php?id=CVE-2019-9023
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.40, versiones 7.x anteriores a la 7.1.26, versiones 7.2.x anteriores a la 7.2.14 y versiones 7.3.x anteriores a la 7.3.1. Existen instancias de sobrelectura de búfer basada en memoria dinámica (heap) en las funciones de expresión regular mbstring cuando se les proporcionan datos multibyte inválidos. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html http://www.securityfocus.com/bid/107156 https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77370 https://bugs. • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 1CVE-2019-9024 – php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c
https://notcve.org/view.php?id=CVE-2019-9024
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.40, versiones 7.x anteriores a la 7.1.26, versiones 7.2.x anteriores a la 7.2.14 y versiones 7.3.x anteriores a la 7.3.1. xmlrpc_decode() puede permitir que un servidor XMLRPC hostil provoque que la memoria PHP lea memoria más allá de las áreas asignadas en base64_decode_xmlrpc en ext/xmlrpc/libxmlrpc/base64.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html http://www.securityfocus.com/bid/107156 https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77380 https://security& • CWE-125: Out-of-bounds Read •