Page 31 of 478 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0

CVE-2019-10216 – ghostscript: -dSAFER escape via .buildfont1 (701394)

https://notcve.org/view.php?id=CVE-2019-10216

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas. En ghostscript anterior a la versión 9.50, el procedimiento .buildfont1 no aseguraba adecuadamente sus llamadas privilegiadas, permitiendo que los scripts eludieran las restricciones `-dSAFER`. Un atacante podría abusar de esta fallo al crear un archivo PostScript especialmente diseñado que podría escalar privilegios y acceder a archivos fuera de las áreas restringidas. It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216 https://security.gentoo.org/glsa/202004-03 https://access.redhat.com/security/cve/CVE-2019-10216 https://bugzilla.redhat.com/show_bug.cgi?id=1737080 • CWE-648: Incorrect Use of Privileged APIs •

CVSS: 9.8EPSS: 1%CPEs: 61EXPL: 0

CVE-2019-14379 – jackson-databind: default typing mishandling leading to remote code execution

https://notcve.org/view.php?id=CVE-2019-14379

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. El archivo SubTypeValidator.java en jackson-databind de FasterXML en versiones anteriores a la 2.9.9.2 maneja inapropiadamente la escritura predeterminada cuando se usa ehcache (debido a net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), lo que conlleva a la ejecución de código remoto. A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code. • http://seclists.org/fulldisclosure/2022/Mar/23 https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHSA-2019:2743 https://access.redhat.com/errata/RHSA-2019:2858 https://access.redhat.com/errata/RHSA-2019:2935 https://access.redhat.com/errata/RHSA-2019:2936 https://access.redhat.com/errata/RHSA-2019:2937 https://access.redhat.com/errata/RHSA-2019:2938 https://access.redhat.com/errata/RHSA-2019:2998 https://access.redhat.com/errata/RHSA-2 • CWE-502: Deserialization of Untrusted Data CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0

CVE-2019-10184 – undertow: Information leak in requests for directories without trailing slashes

https://notcve.org/view.php?id=CVE-2019-10184

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api. Undertow en versiones anteriores a la 2.0.23.Final es vulnerable a un problema de fuga de información. Las aplicaciones web pueden tener sus estructuras de directorio predecibles a través de solicitudes sin barras finales mediante la API. • https://access.redhat.com/errata/RHSA-2019:2935 https://access.redhat.com/errata/RHSA-2019:2936 https://access.redhat.com/errata/RHSA-2019:2937 https://access.redhat.com/errata/RHSA-2019:2938 https://access.redhat.com/errata/RHSA-2019:2998 https://access.redhat.com/errata/RHSA-2019:3044 https://access.redhat.com/errata/RHSA-2019:3045 https://access.redhat.com/errata/RHSA-2019:3046 https://access.redhat.com/errata/RHSA-2019:3050 https://access.redhat.com/errata/RHSA • CWE-862: Missing Authorization •

CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0

CVE-2019-11989

https://notcve.org/view.php?id=CVE-2019-11989

A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7, 10.0 for Apache 2.4 on HP-UX 11i v3, 10.0 for IIS on Windows, 11.0 for Apache 2.4 on RHEL 7, MFA Proxy 4.0 (Agent module only) for Apache 2.4 on RHEL 7. Una vulnerabilidad de seguridad en IceWall SSO Agent Option y IceWall MFA (módulo Agent) de HPE podría ser explotada remotamente para causar una denegación de servicio. Las versiones y plataformas de los módulos Agent Option que están afectadas son las siguientes: versión 10.0 para Apache versión 2.2 en RHEL versiones 5 y 6.0, versión 10.0 para Apache versión 2.4 en RHEL versión 7, versión 10.0 para Apache versión 2.4 en HP-UX 11i versión v3, versión 10.0 para IIS en Windows, versión 11.0 para Apache versión 2.4 en RHEL versión 7, MFA Proxy versión 4.0 (solo módulo Agent) para Apache versión 2.4 en RHEL versión 7. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03941en_us •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2019-10161 – libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API

https://notcve.org/view.php?id=CVE-2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. Se detectó que libvirtd anterior a versiones 4.10.1 y 5.4.1, permitiría a clientes de solo lectura usar la API de la función virDomainSaveImageGetXMLDesc(), especificando una ruta (path) arbitraria a la que se accedería con los permisos del proceso libvirtd. Un atacante con acceso al socket libvirtd podría usar esto para probar la existencia de archivos arbitrarios, causar una denegación de servicio o causar que libvirtd ejecute programas arbitrarios. It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. • https://access.redhat.com/libvirt-privesc-vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10161 https://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=aed6a032cead4386472afb24b16196579e239580 https://security.gentoo.org/glsa/202003-18 https://usn.ubuntu.com/4047-2 https://access.redhat.com/security/cve/CVE-2019-10161 https://bugzilla.redhat.com/show_bug.cgi?id=1720115 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control CWE-862: Missing Authorization •