CVSS: 9.8EPSS: 4%CPEs: 11EXPL: 2CVE-2019-17455 – Ubuntu Security Notice USN-5108-1
https://notcve.org/view.php?id=CVE-2019-17455
10 Oct 2019 — Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request. Libntlm versiones hasta 1.5, se basa en un tamaño de búfer fijo para operaciones de lectura y escritura de las funciones tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge y tSmbNtlmAuthResponse, como es demostrado por una lectura excesiva de búfer en ... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00029.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 12EXPL: 0CVE-2019-17133 – kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c
https://notcve.org/view.php?id=CVE-2019-17133
04 Oct 2019 — In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. En el kernel de Linux versiones hasta 5.3.2, la función cfg80211_mgd_wext_giwessid en el archivo net/wireless/wext-sme.c no rechaza un SSID IE largo, conllevando a un Desbordamiento de Búfer. A vulnerability was found in the Linux kernel's generic WiFi ESSID handling implementation. The flaw allows a system to join a wireless network where the ESSID is longer... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2019-15165 – libpcap: Resource exhaustion during PHB header length validation
https://notcve.org/view.php?id=CVE-2019-15165
03 Oct 2019 — sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. En el archivo sf-pcapng.c en libpcap versiones anteriores a 1.9.1, no comprueba apropiadamente la longitud del encabezado PHB antes de asignar la memoria. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The compliance-operator image updates are now available for OpenShift Container Platf... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-17052 – Ubuntu Security Notice USN-4184-2
https://notcve.org/view.php?id=CVE-2019-17052
01 Oct 2019 — ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. ax25_create en net / ax25 / af_ax25.c en el módulo de red AF_AX25 en el kernel de Linux versión 3.16 hasta la la versión 5.3.2 no aplica CAP_NET_RAW, lo que significa que los usuarios no privilegiados pueden crear un socket en bruto, también conocido como CID-0614e2b73768 USN-4184-1 fixed vulner... • http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html • CWE-276: Incorrect Default Permissions •
CVSS: 4.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-17055 – kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol
https://notcve.org/view.php?id=CVE-2019-17055
01 Oct 2019 — base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. La función base_sock_create en el archivo drivers/isdn/mISDN/socket.c en el módulo de red AF_ISDN en el kernel de Linux versiones hasta 5.3.2 no aplica CAP_NET_RAW, lo que significa que los usuarios no privilegiados pueden crear un socket en bruto, también se conoce como CID-b91ee4aa2a2... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html • CWE-250: Execution with Unnecessary Privileges CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 1CVE-2019-15166 – lmp_print in tcpdump lacks certain boundary checks
https://notcve.org/view.php?id=CVE-2019-15166
01 Oct 2019 — lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. La función lmp_print_data_link_subobjs() en el archivo print-lmp.c en tcpdump versiones anteriores a 4.9.3, carece de ciertas comprobaciones de límites. Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications r... • https://github.com/Satheesh575555/external_tcpdump_AOSP10_r33_CVE-2019-15166 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 2CVE-2019-16935 – python: XSS vulnerability in the documentation XML-RPC server in server_title field
https://notcve.org/view.php?id=CVE-2019-16935
28 Sep 2019 — The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. La documentación del servidor XML-RPC en Python versiones hasta 2.7.16, versiones 3.x hasta 3.6.9 y versiones 3.7.x hasta 3.7.4, present... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 0CVE-2019-9433 – libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c
https://notcve.org/view.php?id=CVE-2019-9433
27 Sep 2019 — In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 En libvpx, se presenta una posible divulgación de información debido a una comprobación de entrada inapropiada. Esto podría conllevar a una divulgación de información remota sin ser necesarios privilegios de ejecución adici... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 4%CPEs: 12EXPL: 0CVE-2019-9278 – libexif: out of bounds write in exif-data.c
https://notcve.org/view.php?id=CVE-2019-9278
27 Sep 2019 — In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774 En libexif, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a una escalada de privilegios remota en el proveedor de contenido multimedi... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2019-9232 – libvpx: Out of bounds read in vp8_norm table
https://notcve.org/view.php?id=CVE-2019-9232
27 Sep 2019 — In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 En libvpx, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una divulgación de información remota sin ser necesarios privilegios de ejecución adicionales.... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html • CWE-125: Out-of-bounds Read •