CVSS: 8.8EPSS: 51%CPEs: 11EXPL: 2CVE-2019-13764 – chromium-browser: Type Confusion in V8
https://notcve.org/view.php?id=CVE-2019-13764
10 Dec 2019 — Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en JavaScript en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.79. Issues... • https://github.com/HaboobLab/CVE-2019-13764 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 2%CPEs: 11EXPL: 1CVE-2019-13745 – chromium-browser: Insufficient policy enforcement in audio
https://notcve.org/view.php?id=CVE-2019-13745
10 Dec 2019 — Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una aplicación de política insuficiente en audio en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML especialmente diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.79. Issues addre... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html •
CVSS: 8.8EPSS: 9%CPEs: 32EXPL: 0CVE-2019-13734 – sqlite: fts3: improve shadow table corruption detection
https://notcve.org/view.php?id=CVE-2019-13734
10 Dec 2019 — Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una escritura fuera de limites en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0CVE-2019-11709 – Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
https://notcve.org/view.php?id=CVE-2019-11709
11 Jul 2019 — Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. Los desarrolladores de Mozilla y los miembros de la comunidad reportaron bugs de seguridad de memoria presentes en Firefox versión 67 y Firefox ESR versión 60... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 32%CPEs: 8EXPL: 2CVE-2019-11730 – Mozilla: Same-origin policy treats all files in a directory as having the same-origin
https://notcve.org/view.php?id=CVE-2019-11730
11 Jul 2019 — A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that ap... • https://github.com/alidnf/CVE-2019-11730 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2019-5798 – chromium-browser: Out of bounds read in Skia
https://notcve.org/view.php?id=CVE-2019-5798
28 Mar 2019 — Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. La falta de comprobación de límites correcta en Skia en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara una lectura de memoria fuera de límites por medio de una página HTML creada. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This up... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 57EXPL: 1CVE-2019-7317 – libpng: use-after-free in png_image_free in png.c
https://notcve.org/view.php?id=CVE-2019-7317
04 Feb 2019 — png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. La función png_image_free en el archivo png.c en libpng versiones 1.6.x anteriores a 1.6.37, presenta un uso de la memoria previamente liberada porque la función png_image_free_function es llamada bajo png_safe_execute. It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html • CWE-400: Uncontrolled Resource Consumption CWE-416: Use After Free •
CVSS: 5.3EPSS: 1%CPEs: 17EXPL: 0CVE-2018-16876 – ansible: Information disclosure in vvv+ mode with no_log on
https://notcve.org/view.php?id=CVE-2018-16876
18 Dec 2018 — ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. ansible en versiones anteriores a las 2.5.14, 2.6.11 y 2.7.5 es vulnerable a un fallo de divulgación de información en el modo vvv+ con "no_log" habilitado, el cual podría provocar el filtrado de datos sensibles. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2018-16837 – Ansible: Information leak in "user" module
https://notcve.org/view.php?id=CVE-2018-16837
23 Oct 2018 — Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list. El módulo "User" de Ansible filtra cualquier dato que se pasa como parámetro a ssh-keygen. Esto podría desembocar en situaciones no deseadas como el paso de credenciales de frase de contraseña co... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html • CWE-214: Invocation of Process Using Visible Sensitive Information CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2018-10875 – ansible: ansible.cfg is being read from current working directory allowing possible code execution
https://notcve.org/view.php?id=CVE-2018-10875
10 Jul 2018 — A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. Se ha encontrado un error en ansible. ansible.cfg se lee desde el directorio de trabajo actual, que puede alterarse para hacer que señale a un plugin o una ruta de módulo bajo el control de un atacante, permitiendo que el atacante ejecute código arbitrario. It was found th... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html • CWE-426: Untrusted Search Path •