CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 1CVE-2019-11042 – heap-buffer-overflow on exif_process_user_comment in EXIF extension
https://notcve.org/view.php?id=CVE-2019-11042
09 Aug 2019 — When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. Cuando la extensión EXIF de PHP está analizando información EXIF de una imagen, p.ej. por medio de la función exif_read_data(), en PHP versiones 7.1.x anteriores a 7.1.31, versiones 7.2.x an... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 1CVE-2019-11041 – heap-buffer-overflow on exif_scan_thumbnail in EXIF extension
https://notcve.org/view.php?id=CVE-2019-11041
09 Aug 2019 — When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. Cuando la extensión EXIF de PHP está analizando información EXIF de una imagen, p.ej. por medio de la función exif_read_data(), en PHP versiones 7.1.x anteriores a 7.1.31, versiones 7.2.x an... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2019-13565 – Ubuntu Security Notice USN-4078-2
https://notcve.org/view.php?id=CVE-2019-13565
26 Jul 2019 — An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, et... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html •
CVSS: 4.9EPSS: 0%CPEs: 29EXPL: 0CVE-2019-13057 – Ubuntu Security Notice USN-4078-2
https://notcve.org/view.php?id=CVE-2019-13057
26 Jul 2019 — An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy di... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-8582 – Apple macOS CoreText Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-8582
24 Jul 2019 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may result in the disclosure of process memory. Se abordó una lectura fuera de límites con una comprobación de límites mejorada. Este problema se corrigió en iCloud para Windows versión 7.12, tvOS versión 12.3, iT... • https://support.apple.com/en-us/HT210118 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8691 – Apple macOS AMDRadeonX4000_AMDSIGLContext RsrcAndXorByteFlag Out-Of-Bounds Read Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-8691
23 Jul 2019 — A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory. Un problema de comprobación fue abordado mejorando el saneamiento de la entrada. Este problema es corregido en macOS Mojave versión 10.14.6. • https://support.apple.com/HT210348 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8697 – Apple macOS diskmanagementd Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-8697
23 Jul 2019 — A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with system privileges. Un problema de corrupción de memoria fue abordado mejorando el manejo de la memoria. Este problema es corregido en macOS Mojave versión 10.14.6. • https://support.apple.com/HT210348 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8656 – Apple Security Advisory 2019-7-22-2
https://notcve.org/view.php?id=CVE-2019-8656
23 Jul 2019 — This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper. Esto se abordó con comprobaciones adicionales mediante Gatekeeper de los archivos montados por medio de un recurso compartido de red. Este problema se corrigió en... • https://github.com/D00MFist/CVE-2019-8656 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8693 – Apple Security Advisory 2019-7-22-2
https://notcve.org/view.php?id=CVE-2019-8693
23 Jul 2019 — A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.6. An application may be able to read restricted memory. Un problema de comprobación fue abordado mejorando el saneamiento de la entrada. Este problema es corregido en macOS Mojave versión 10.14.6. • https://support.apple.com/HT210348 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8667 – Apple Security Advisory 2019-7-22-2
https://notcve.org/view.php?id=CVE-2019-8667
23 Jul 2019 — An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6. The encryption status of a Time Machine backup may be incorrect. Un problema de interfaz de usuario inconsistente fue abordado con una gestión de estado mejorada. Este problema es corregido en macOS Mojave versión 10.14.6. • https://support.apple.com/HT210348 •