CVE-2019-5010 – python: NULL pointer dereference using a specially crafted X509 certificate
https://notcve.org/view.php?id=CVE-2019-5010
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio explotable en el analizador de certificados X509 de Python.org Python versión 2.7.11 / 3.6.6. Un certificado X509 especialmente diseñado puede causar una desreferencia del puntero NULL, resultando en una denegación de servicio. • https://github.com/JonathanWilbur/CVE-2019-5010 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://access.redhat.com/errata/RHSA-2019:3520 https://access.redhat.com/errata/RHSA-2019:3725 https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html https://security.gentoo.org& • CWE-476: NULL Pointer Dereference •
CVE-2019-7164 – python-sqlalchemy: SQL Injection when the order_by parameter can be controlled
https://notcve.org/view.php?id=CVE-2019-7164
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. SQLAlchemy, hasta la versión 1.2.17 y las 1.3.x hasta la 1.3.0b2, permite Inyección SQL mediante el parámetro "order_by". • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00087.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00016.html https://access.redhat.com/errata/RHSA-2019:0981 https://access.redhat.com/errata/RHSA-2019:0984 https://github.com/sqlalchemy/sqlalchemy/issues/4481 https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html https://lists.debian.org/debian-lts-announce/2021/11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-6454 – systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash
https://notcve.org/view.php?id=CVE-2019-6454
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). Se ha descubierto un problema en sd-bus en systemd 239. bus_process_object() en libsystemd/sd-bus/bus-objects.c asigna un búfer de pila de longitud variable para almacenar temporalmente la ruta de objeto de los mensajes D-Bus entrantes. Un usuario local sin privilegios puede explotar esto enviando un mensaje especialmente manipulado a PID1, provocando que el puntero de la pila salte por las páginas guard de la pila hasta una región de memoria no mapeada y desencadene una denegación de servicio (cierre inesperado del PID1 en systemd y pánico del kernel). It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html http://www.openwall.com/lists/oss-security/2019/02/18/3 http://www.openwall.com/lists/oss-security/2019/02/19/1 http://www.openwall.com/lists/oss-security/2021/07/20/2 http://www.securityfocus.com/bid/107081 https://access.redhat.com/errata/RHSA-2019:0368 https://access.redhat.com/errata/RHSA-2019:0990 https://access • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVE-2019-7222 – Kernel: KVM: leak of uninitialized stack contents to guest
https://notcve.org/view.php?id=CVE-2019-7222
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. La implementación KVM en el kernel de Linux, hasta la versión 4.20.5, tiene una fuga de información. An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html http://www.openwall.com/lists/oss-security/2019/02/18/2 http://www.securityfocus.com/bid/106963 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://bugs.chromiu • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-7664 – elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h
https://notcve.org/view.php?id=CVE-2019-7664
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). En elfutils 0.175, se intenta realizar un memcpy de tamaño negativo en elf_cvt_note en libelf/note_xlate.h debido a una comprobación de desbordamiento incorrecta. Las entradas elf manipuladas provocan un fallo de segmentación, que conduce a una denegación de servicio (cierre inesperado del programa). • https://access.redhat.com/errata/RHSA-2019:2197 https://access.redhat.com/errata/RHSA-2019:3575 https://sourceware.org/bugzilla/show_bug.cgi?id=24084 https://access.redhat.com/security/cve/CVE-2019-7664 https://bugzilla.redhat.com/show_bug.cgi?id=1677536 • CWE-787: Out-of-bounds Write •