CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2019-3873 – picketlink: URL injection via xinclude parameter
https://notcve.org/view.php?id=CVE-2019-3873
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks. Se encontró que Picketlink, tal como se distribuye con Jboss Enterprise Application Platform versión 7.2, aceptaría un parámetro xinclude en XML SAMLresponse. Un atacante podría usar esta fallo para enviar una URL para lograr cross-site scripting o posiblemente conducir más ataques. • http://www.securityfocus.com/bid/108739 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3873 https://access.redhat.com/security/cve/CVE-2019-3873 https://bugzilla.redhat.com/show_bug.cgi?id=1689014 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2019-3872 – picketlink: reflected XSS in SAMLRequest via RelayState parameter
https://notcve.org/view.php?id=CVE-2019-3872
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks. Se encontró que un SAMLRequest que contenía un script podía ser procesado por versiones de Picketlink enviadas en Jboss Application Platform 7.2.xy 7.1.x. Un atacante podría usar esto para enviar un script malicioso para lograr scripts entre sitios y obtener información no autorizada o lleva cabo de más ataques. • http://www.securityfocus.com/bid/108732 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3872 https://access.redhat.com/security/cve/CVE-2019-3872 https://bugzilla.redhat.com/show_bug.cgi?id=1688966 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 1CVE-2019-3846 – kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c
https://notcve.org/view.php?id=CVE-2019-3846
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. Se encontró un fallo que permitía a un atacante corromper la memoria y posiblemente aumentar los privilegios en el módulo del kernel mwifiex mientras se conectaba a una red inalámbrica maliciosa. A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c allows remote attackers to cause a denial of service(system crash) or execute arbitrary code. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html ht • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9503 – Broadcom brcmfmac driver is vulnerable to a frame validation bypass
https://notcve.org/view.php?id=CVE-2019-9503
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. • https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html https://bugzilla.redhat.com/show_bug.cgi?id=1701842 https://bugzilla.suse.com/show_bug.cgi?id=1132828 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f https://kb.cert.org/vuls/id/166939 https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9503.html https://security-tracker.debian.org/tracker/CVE-2019-9503 https://access.redhat.com&# • CWE-20: Improper Input Validation •
CVSS: 7.7EPSS: 0%CPEs: 29EXPL: 0CVE-2019-3900 – Kernel: vhost_net: infinite loop while receiving packets leads to DoS
https://notcve.org/view.php?id=CVE-2019-3900
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. Se encontró un problema de bucle infinito en el módulo del núcleo vhost_net en el kernel de Linux versiones anteriores a 5.1-rc6 inclusive, mientras manejaba los paquetes entrantes en handle_rx(). Puede ocurrir cuando un extremo envía los paquetes más rápido de lo que el otro extremo los procesa. • http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.securityfocus.com/bid/108076 https://access.redhat.com/errata/RHSA-2019:1973 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:3220 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3836 http • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •