CVSS: 8.8EPSS: 3%CPEs: 14EXPL: 1CVE-2019-5827 – sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces
https://notcve.org/view.php?id=CVE-2019-5827
16 May 2019 — Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El desbordamiento de enteros en SQLite a través de WebSQL en Google Chrome antes de 74.0.3729.131 permitió que un atacante remoto pudiera explotar la corrupción del heap a través de una página HTML diseñada. Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabil... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 3%CPEs: 9EXPL: 0CVE-2019-12098 – Ubuntu Security Notice USN-5675-1
https://notcve.org/view.php?id=CVE-2019-12098
15 May 2019 — In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. En el lado del cliente de Heimdal anterior de la versión 7.6.0, el fallo en la comprobación anónima del intercambio de claves PKINIT PA-PKINIT-KX permite un ataque de tipo man-in-the-middle. Este problema está en krb5_init_creds_step en lib/krb5/init_creds_pw.c. Isaac Boukris and Andrew Bartlett discove... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html •
CVSS: 6.8EPSS: 0%CPEs: 30EXPL: 0CVE-2019-11884 – kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
https://notcve.org/view.php?id=CVE-2019-11884
10 May 2019 — The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. La función do_hidp_sock_ioctl en net/bluetooth/hidp/sock.c en el kernel de Linux, versiones anteriores a 5.0.15, permite a un usuario local obtener información potencialmente sensible de la memoria de la pila del kernel a través de un comando HI... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 1%CPEs: 29EXPL: 2CVE-2019-11815 – Ubuntu Security Notice USN-4008-3
https://notcve.org/view.php?id=CVE-2019-11815
08 May 2019 — An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. Se descubrió un problema en rds_tcp_kill_sock en net/rds/tcp.c en el núcleo de Linux anterior a la versión 5.0.8. Existe una condición de carrera que conduce a un uso después de liberación de memoria, relacionado con la limpieza del espacio de nombres de red. Adam Zabrocki discovered that the Intel i915 kernel mode graphics d... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 7EXPL: 0CVE-2019-7443 – Ubuntu Security Notice USN-6035-1
https://notcve.org/view.php?id=CVE-2019-7443
07 May 2019 — KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability. KDE KAuth, versiones anteriores 5.55, permite el paso de parámetros con tipos arbitrarios a ayudante... • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2019-5805 – chromium-browser: Use after free in PDFium
https://notcve.org/view.php?id=CVE-2019-5805
07 May 2019 — Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Use-after-free en PDFium en Google Chrome antes del 74.0.3729.108 permitió a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo PDF creado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.108. Issues addressed include buffer overflow, bypass, and informati... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2019-5806 – chromium-browser: Integer overflow in Angle
https://notcve.org/view.php?id=CVE-2019-5806
07 May 2019 — Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El desbordamiento de enteros en ANGLE en Google Chrome en Windows antes de 74.0.3729.108 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.108. Issues addressed include buffe... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2019-5807 – chromium-browser: Memory corruption in V8
https://notcve.org/view.php?id=CVE-2019-5807
07 May 2019 — Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El problema de la vida útil del objeto en V8 en Google Chrome antes de 74.0.3729.108 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.108. Issues addressed include buffer overf... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2019-5808 – chromium-browser: Use after free in Blink
https://notcve.org/view.php?id=CVE-2019-5808
07 May 2019 — Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Use-after-free en Blink en Google Chrome antes de 74.0.3729.108 permitió que un atacante remoto pudiera explotar la corrupción del heap a través de una página HTML diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.108. Issues addressed include buffer overflow, bypass, and information lea... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2019-5809 – chromium-browser: Use after free in Blink
https://notcve.org/view.php?id=CVE-2019-5809
07 May 2019 — Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Use-after-free en el selector de archivos en Google Chrome antes del 74.0.3729.108 permitió que un atacante remoto que había comprometido el proceso del renderizador realizara una escalada de privilegios a través de una página HTML diseñada Chromium is an open-source web browser, powered by WebKit. This update upgra... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html • CWE-416: Use After Free •