CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-7443
https://notcve.org/view.php?id=CVE-2019-7443
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability. KDE KAuth, versiones anteriores 5.55, permite el paso de parámetros con tipos arbitrarios a ayudantes que se ejecutan como root sobre DBus a través de DBusHelperProxy.cpp. Ciertos tipos pueden causar caídas y desencadenar la decodificación de imágenes arbitrarias con plugins cargados dinámicamente. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html https://bugzilla.suse.com/show_bug.cgi?id=1124863 https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 2%CPEs: 15EXPL: 0CVE-2019-5798 – chromium-browser: Out of bounds read in Skia
https://notcve.org/view.php?id=CVE-2019-5798
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. La falta de comprobación de límites correcta en Skia en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara una lectura de memoria fuera de límites por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://access.redhat.com/errata/RHSA-2019:1308 https://access.redhat.com/errata/RHSA-2019:1309 https://access.redhat.com/errata/RHSA-2019:1310 https://chromereleases.googleblog.com/2019/03/stable-ch • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-9211
https://notcve.org/view.php?id=CVE-2019-9211
There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. Hay un aborto de aserción alcanzable en la función write_long_string_missing_values() en data/sys-file-writer.c en libdata.a en la versión 1.2.0 de GNU PSPP que conducirá a una denegación de servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00068.html http://www.securityfocus.com/bid/107190 https://bugzilla.redhat.com/show_bug.cgi?id=1683499 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3QC6VFE2D7M6ZJXBXRIO4JZPKY57CLV • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2019-3475 – Local privilege escalation in Filr famtd
https://notcve.org/view.php?id=CVE-2019-3475
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. Una vulnerabilidad de escalado de privilegios local en el componente famtd de Micro Focus Filr 3.0 permite que un atacante local autenticado como usuario con bajos privilegios escale a root. Esta vulnerabilidad afecta a todas las versiones 3.x de Filr anteriores al Security Update 6. Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/46450 https://download.novell.com/Download?buildid=nZUCSDkvpxk~ https://support.microfocus.com/kb/doc.php?id=7023727 • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-3474 – Path traversal vulnerability in Filr web application
https://notcve.org/view.php?id=CVE-2019-3474
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. Una vulnerabilidad de salto de directorio en el componente de aplicación web de Micro Focus Filr, en versiones 3.x, permite que un atacante remoto autenticado como usuario con pocos privilegios descargue archivos arbitrarios del servidor Filr. Esta vulnerabilidad afecta a todas las versiones 3.x de Filr anteriores al Security Update 6. Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/46450 https://download.novell.com/Download?buildid=nZUCSDkvpxk~ https://support.microfocus.com/kb/doc.php?id=7023726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •