CVSS: 8.8EPSS: 93%CPEs: 11EXPL: 6CVE-2019-9810 – Mozilla Firefox Array.slice Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-9810
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. La información incorrecta de alias en el compilador IonMonkey JIT para el método Array.prototype.slice puede llevar a la falta de comprobación de límites y a un desbordamiento del búfer. Esta vulnerabilidad afecta a Firefox versiones anteriores a 66.0.1, Firefox ESR versiones anteriores a 60.6.1 y Thunderbird versiones anteriores a 60.6.1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • https://www.exploit-db.com/exploits/46605 https://www.exploit-db.com/exploits/47752 https://github.com/0vercl0k/CVE-2019-9810 https://github.com/xuechiyaobai/CVE-2019-9810-PoC http://packetstormsecurity.com/files/155592/Mozilla-Firefox-Windows-64-Bit-Chain-Exploit.html https://access.redhat.com/errata/RHSA-2019:0966 https://access.redhat.com/errata/RHSA-2019:1144 https://bugzilla.mozilla.org/show_bug.cgi?id=1537924 https://www.mozilla.org/security/advisories/mfsa2019-09 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 2%CPEs: 12EXPL: 1CVE-2019-3878 – mod_auth_mellon: authentication bypass in ECP flow
https://notcve.org/view.php?id=CVE-2019-3878
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication. Se ha detectado una vulnerabilidad en mod_auth_mellon, en versiones anteriores a la v0.14.2. Si Apache está configurado como proxy inverso y mod_auth_mellon está configurado para que solo deje acceder a los usuarios autenticados (con la directiva "require valid-user"), la adición de cabeceras HTTP especiales que se suelen emplear para iniciar el SAML ECP especial (no basado en el navegador) puede emplearse para omitir la autenticación. A vulnerability was found in mod_auth_mellon. • https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:0746 https://access.redhat.com/errata/RHSA-2019:0766 https://access.redhat.com/errata/RHSA-2019:0985 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878 https://github.com/Uninett/mod_auth_mellon/pull/196 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ https://lists.fedoraproject.org/archives/list/package-announce%40lists. • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 0CVE-2019-9755 – ntfs-3g: heap-based buffer overflow leads to local root privilege escalation
https://notcve.org/view.php?id=CVE-2019-9755
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges. Existe un problema de desbordamiento de enteros en ntfs-3g versión 2017.3.23. Un atacante local podría potencialmente aprovechar esto mediante la ejecución del archivo /bin/ntfs-3g con argumentos especialmente creados desde un directorio especialmente creado para causar un desbordamiento del búfer de la pila, lo que resulta en un bloqueo o la capacidad de ejecutar código arbitrario. • https://access.redhat.com/errata/RHBA-2019:3723 https://access.redhat.com/errata/RHSA-2019:2308 https://access.redhat.com/errata/RHSA-2019:3345 https://security.gentoo.org/glsa/202007-45 https://www.tuxera.com/community/release-history https://access.redhat.com/security/cve/CVE-2019-9755 https://bugzilla.redhat.com/show_bug.cgi?id=1691624 • CWE-122: Heap-based Buffer Overflow CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2019-3838 – ghostscript: forceput in DefineResource is still accessible (700576)
https://notcve.org/view.php?id=CVE-2019-3838
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Se ha observado que el operador forceput podía ser extraído del método DefineResource en ghostscript en las versiones anteriores a la 9.27. Un archivo PostScript especialmente manipulado podría explotar este error, por ejemplo, para obtener acceso al sistema de archivos fuera de las restricciones impuestas por -dSAFER. It was found that the forceput operator could be extracted from the DefineResource method. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00018.html http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:0971 https://bugs.ghostscript.com/show_bug.cgi?id=700576 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838 https://lists.debian.org/debian-lts-announce/2 • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 7.3EPSS: 0%CPEs: 15EXPL: 0CVE-2019-3835 – ghostscript: superexec operator is available (700585)
https://notcve.org/view.php?id=CVE-2019-3835
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Se ha observado que el operador superexec estaba disponible en el diccionario interno en ghostscript en las versiones anteriores a la 9.27. Un archivo PostScript especialmente manipulado podría explotar este error, por ejemplo, para obtener acceso al sistema de archivos fuera de las restricciones impuestas por -dSAFER. It was found that the superexec operator was available in the internal dictionary. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html http://www.securityfocus.com/bid/107855 https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:0971 https://bugs.ghostscript.com/show_bug.cgi?id=700585 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3835 https: • CWE-648: Incorrect Use of Privileged APIs CWE-862: Missing Authorization •