CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11481 – Apport reads arbitrary files if ~/.config/apport/settings is a symlink
https://notcve.org/view.php?id=CVE-2019-11481
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences. Kevin Backhouse detectó que Apport leería un archivo de configuración suministrado por el usuario con privilegios elevados. Al reemplazar el archivo por un enlace simbólico, un usuario podría lograr que Apport lea cualquier archivo sobre el sistema como root, con consecuencias desconocidas. • http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html https://usn.ubuntu.com/usn/usn-4171-1 https://usn.ubuntu.com/usn/usn-4171-2 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11485 – apport created lock file in wrong directory
https://notcve.org/view.php?id=CVE-2019-11485
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling. Sander Bos detectó que el archivo de bloqueo de Apport estaba en un directorio de tipo world-writable que permitía a todos los usuarios impedir el manejo de bloqueos. • https://usn.ubuntu.com/usn/usn-4171-1 https://usn.ubuntu.com/usn/usn-4171-2 • CWE-412: Unrestricted Externally Accessible Lock •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2019-15681
https://notcve.org/view.php?id=CVE-2019-15681
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. LibVNC en el commit anterior a d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a, contiene una pérdida de memoria (CWE-655) en el código del servidor VNC, lo que permite a un atacante leer la memoria de la pila y puede ser abusada para la divulgación de información. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html https:/ • CWE-665: Improper Initialization •
CVSS: 9.8EPSS: 97%CPEs: 11EXPL: 21CVE-2019-11043 – PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2019-11043
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. En PHP versiones 7.1.x anteriores a la versión 7.1.33, versiones 7.2.x anteriores a la versión 7.2.24 y versiones 7.3.x anteriores a 7.3.11, en ciertas configuraciones del FPM setup, es posible causar que el módulo FPM escriba más allá de los búferes asignados en el espacio reservado para datos de protocolo FCGI, abriendo así la posibilidad de ejecución de código remota. In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution. • https://www.exploit-db.com/exploits/48182 https://www.exploit-db.com/exploits/47553 https://github.com/theMiddleBlue/CVE-2019-11043 https://github.com/jas502n/CVE-2019-11043 https://github.com/k8gege/CVE-2019-11043 https://github.com/akamajoris/CVE-2019-11043-Docker https://github.com/0th3rs-Security-Team/CVE-2019-11043 https://github.com/kriskhub/CVE-2019-11043 https://github.com/AleWong/PHP-FPM-Remote-Code-Execution-Vulnerability-CVE-2019-11043- https://github.com/yperei • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 1%CPEs: 7EXPL: 0CVE-2019-18408 – libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry
https://notcve.org/view.php?id=CVE-2019-18408
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. La función archive_read_format_rar_read_data en el archivo archive_read_support_format_rar.c en libarchive versiones anteriores a 3.4.0, presenta un uso de la memoria previamente liberada en una determinada situación de ARCHIVE_FAILED, relacionada con Ppmd7_DecodeSymbol. A use-after-free vulnerability was discovered in libarchive in the way it processes RAR archives when there is an error in one of the archive's entries. An application that accepts untrusted RAR archives may be vulnerable to this flaw, which could allow a remote attacker to cause a denial of service or to potentially execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html https://access.redhat.com/errata/RHSA-2020:0203 https://access.redhat.com/errata/RHSA-2020:0246 https://access.redhat.com/errata/RHSA-2020:0271 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689 https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60 https://github.com/libarchive/libarchive/compare/v3.3.3.. • CWE-416: Use After Free •