CVSS: 7.3EPSS: 1%CPEs: 15EXPL: 0CVE-2019-3835 – ghostscript: superexec operator is available (700585)
https://notcve.org/view.php?id=CVE-2019-3835
22 Mar 2019 — It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Se ha observado que el operador superexec estaba disponible en el diccionario interno en ghostscript en las versiones anteriores a la 9.27. Un archivo PostScript especialmente manipulado podría explotar este error, por ejemplo, para obtener ac... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html • CWE-648: Incorrect Use of Privileged APIs CWE-862: Missing Authorization •
CVSS: 7.3EPSS: 1%CPEs: 17EXPL: 0CVE-2019-3838 – ghostscript: forceput in DefineResource is still accessible (700576)
https://notcve.org/view.php?id=CVE-2019-3838
22 Mar 2019 — It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Se ha observado que el operador forceput podía ser extraído del método DefineResource en ghostscript en las versiones anteriores a la 9.27. Un archivo PostScript especialmente manipulado podría explotar este error, por ejemplo, para ob... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 8.8EPSS: 9%CPEs: 11EXPL: 0CVE-2019-3863 – libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes
https://notcve.org/view.php?id=CVE-2019-3863
19 Mar 2019 — A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. Se ha descubierto un problema en versiones anteriores a la 1.8.1 de libssh2. Un servidor podría enviar múltiples mensajes de respuesta interactiva mediante teclado cuya longitud total es mayor que el los caracteres no firmados char max. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 4%CPEs: 16EXPL: 0CVE-2019-3857 – libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3857
19 Mar 2019 — An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que se analizan los paq... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 4%CPEs: 16EXPL: 0CVE-2019-3856 – libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3856
19 Mar 2019 — An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que se analizan las peticiones de comandos de te... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 13%CPEs: 18EXPL: 0CVE-2019-3855 – libssh2: Integer overflow in transport read resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3855
19 Mar 2019 — An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que los paquetes se leen desde el servidor. Un atacan... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 5%CPEs: 41EXPL: 0CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization
https://notcve.org/view.php?id=CVE-2019-9636
08 Mar 2019 — Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed c... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html • CWE-172: Encoding Error •
CVSS: 5.5EPSS: 5%CPEs: 13EXPL: 6CVE-2019-9213 – Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-9213
05 Mar 2019 — In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. En el kernel de Linux, en versiones anteriores a la 4.20.14, expand_downwards en mm/mmap.c carece de una comprobación para la dirección mínima de mmap, lo que facilita que los atacantes exploten desreferencias de puntero NULL en el kernel en... • https://packetstorm.news/files/id/151991 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 4%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 7.0EPSS: 0%CPEs: 55EXPL: 1CVE-2019-6454 – systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash
https://notcve.org/view.php?id=CVE-2019-6454
18 Feb 2019 — An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). Se ha descubierto un problema en sd-bus en... • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •