CVE-2019-2698 – Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID
https://notcve.org/view.php?id=CVE-2019-2698
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • https://www.exploit-db.com/exploits/46723 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:1146 https://access.redhat.com/errata/RHSA-2019:1163 https:/& • CWE-787: Out-of-bounds Write •
CVE-2019-3459 – kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
https://notcve.org/view.php?id=CVE-2019-3459
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. Se descubrió una fuga de información de direcciones en memoria dinámica mientras se usaba L2CAP_GET_CONF_OPT en el kernel de Linux anterior a 5.1-rc1. A flaw was found in the Linux kernel's implementation of Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack. An attacker, within the range of standard Bluetooth transmissions, can create and send a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack. • http://www.openwall.com/lists/oss-security/2019/06/27/2 http://www.openwall.com/lists/oss-security/2019/06/27/7 http://www.openwall.com/lists/oss-security/2019/06/28/1 http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/08/12/1 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat. • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-3838 – ghostscript: forceput in DefineResource is still accessible (700576)
https://notcve.org/view.php?id=CVE-2019-3838
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Se ha observado que el operador forceput podía ser extraído del método DefineResource en ghostscript en las versiones anteriores a la 9.27. Un archivo PostScript especialmente manipulado podría explotar este error, por ejemplo, para obtener acceso al sistema de archivos fuera de las restricciones impuestas por -dSAFER. It was found that the forceput operator could be extracted from the DefineResource method. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00018.html http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:0971 https://bugs.ghostscript.com/show_bug.cgi?id=700576 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838 https://lists.debian.org/debian-lts-announce/2 • CWE-648: Incorrect Use of Privileged APIs •
CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization
https://notcve.org/view.php?id=CVE-2019-9636
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.securityfocus.com/bid/107400 https://access. • CWE-172: Encoding Error •
CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html http://www.securityfocus.com/bid/107174 https://access. • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •