CVSS: 9.1EPSS: 0%CPEs: 29EXPL: 1CVE-2019-9948 – python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
https://notcve.org/view.php?id=CVE-2019-9948
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. urllib en Python, en versiones 2.x hasta la 2.7.16, soporta el esquema local_file:, lo que facilita que los atacantes remotos omitan los mecanismos de protección que ponen en lista negra los URI file:, tal y como queda demostrado con una llamada urllib.urlopen('local_file:///etc/passwd'). • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html http://www.securityfocus.com/bid/107549 https://access.redhat.com/errata/RHSA-2019:1700 https://access.redhat.com/errata/RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:3335 https://access.redhat.com/errata/RHSA-2019:3520 https://bugs.python.o • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 0CVE-2019-9755 – ntfs-3g: heap-based buffer overflow leads to local root privilege escalation
https://notcve.org/view.php?id=CVE-2019-9755
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges. Existe un problema de desbordamiento de enteros en ntfs-3g versión 2017.3.23. Un atacante local podría potencialmente aprovechar esto mediante la ejecución del archivo /bin/ntfs-3g con argumentos especialmente creados desde un directorio especialmente creado para causar un desbordamiento del búfer de la pila, lo que resulta en un bloqueo o la capacidad de ejecutar código arbitrario. • https://access.redhat.com/errata/RHBA-2019:3723 https://access.redhat.com/errata/RHSA-2019:2308 https://access.redhat.com/errata/RHSA-2019:3345 https://security.gentoo.org/glsa/202007-45 https://www.tuxera.com/community/release-history https://access.redhat.com/security/cve/CVE-2019-9755 https://bugzilla.redhat.com/show_bug.cgi?id=1691624 • CWE-122: Heap-based Buffer Overflow CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2019-3838 – ghostscript: forceput in DefineResource is still accessible (700576)
https://notcve.org/view.php?id=CVE-2019-3838
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Se ha observado que el operador forceput podía ser extraído del método DefineResource en ghostscript en las versiones anteriores a la 9.27. Un archivo PostScript especialmente manipulado podría explotar este error, por ejemplo, para obtener acceso al sistema de archivos fuera de las restricciones impuestas por -dSAFER. It was found that the forceput operator could be extracted from the DefineResource method. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00018.html http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:0971 https://bugs.ghostscript.com/show_bug.cgi?id=700576 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838 https://lists.debian.org/debian-lts-announce/2 • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 7.3EPSS: 0%CPEs: 15EXPL: 0CVE-2019-3835 – ghostscript: superexec operator is available (700585)
https://notcve.org/view.php?id=CVE-2019-3835
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Se ha observado que el operador superexec estaba disponible en el diccionario interno en ghostscript en las versiones anteriores a la 9.27. Un archivo PostScript especialmente manipulado podría explotar este error, por ejemplo, para obtener acceso al sistema de archivos fuera de las restricciones impuestas por -dSAFER. It was found that the superexec operator was available in the internal dictionary. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html http://www.securityfocus.com/bid/107855 https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:0971 https://bugs.ghostscript.com/show_bug.cgi?id=700585 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3835 https: • CWE-648: Incorrect Use of Privileged APIs CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2019-3856 – libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write
https://notcve.org/view.php?id=CVE-2019-3856
An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. Se ha descubierto un error de desbordamiento de enteros que podría conducir a una escritura fuera de límites en libssh2, en versiones anteriores a la 1.8.1, en la forma en la que se analizan las peticiones de comandos de teclado. Un atacante remoto que comprometa un servidor SSH podría ser capaz de ejecutar código en el sistema del cliente cuando un usuario se conecta al servidor. An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html https://access.redhat.com/errata/RHSA-2019:0679 https://access.redhat.com/errata/RHSA-2019:1175 https://access.redhat.com/errata/RHSA-2019:1652 https://access.redhat.com/errata/RHSA-2019:1791 https://access.redhat.com/errata/RHSA-2019:1943 https://access.redhat.com/errata/RHSA-2019:2399 https://bugzilla.redhat.com/show_bug.cgi?id&# • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •