CVE-2019-15681
https://notcve.org/view.php?id=CVE-2019-15681
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. LibVNC en el commit anterior a d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a, contiene una pérdida de memoria (CWE-655) en el código del servidor VNC, lo que permite a un atacante leer la memoria de la pila y puede ser abusada para la divulgación de información. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html https:/ • CWE-665: Improper Initialization •
CVE-2019-11043 – PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2019-11043
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. En PHP versiones 7.1.x anteriores a la versión 7.1.33, versiones 7.2.x anteriores a la versión 7.2.24 y versiones 7.3.x anteriores a 7.3.11, en ciertas configuraciones del FPM setup, es posible causar que el módulo FPM escriba más allá de los búferes asignados en el espacio reservado para datos de protocolo FCGI, abriendo así la posibilidad de ejecución de código remota. In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution. • https://www.exploit-db.com/exploits/48182 https://www.exploit-db.com/exploits/47553 https://github.com/theMiddleBlue/CVE-2019-11043 https://github.com/jas502n/CVE-2019-11043 https://github.com/k8gege/CVE-2019-11043 https://github.com/akamajoris/CVE-2019-11043-Docker https://github.com/0th3rs-Security-Team/CVE-2019-11043 https://github.com/kriskhub/CVE-2019-11043 https://github.com/AleWong/PHP-FPM-Remote-Code-Execution-Vulnerability-CVE-2019-11043- https://github.com/yperei • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2019-18408 – libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry
https://notcve.org/view.php?id=CVE-2019-18408
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. La función archive_read_format_rar_read_data en el archivo archive_read_support_format_rar.c en libarchive versiones anteriores a 3.4.0, presenta un uso de la memoria previamente liberada en una determinada situación de ARCHIVE_FAILED, relacionada con Ppmd7_DecodeSymbol. A use-after-free vulnerability was discovered in libarchive in the way it processes RAR archives when there is an error in one of the archive's entries. An application that accepts untrusted RAR archives may be vulnerable to this flaw, which could allow a remote attacker to cause a denial of service or to potentially execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html https://access.redhat.com/errata/RHSA-2020:0203 https://access.redhat.com/errata/RHSA-2020:0246 https://access.redhat.com/errata/RHSA-2020:0271 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689 https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60 https://github.com/libarchive/libarchive/compare/v3.3.3.. • CWE-416: Use After Free •
CVE-2019-18218 – file: heap-based buffer overflow in cdf_read_property_info in cdf.c
https://notcve.org/view.php?id=CVE-2019-18218
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). La función cdf_read_property_info en el archivo cdf.c en file versiones hasta 5.37, no restringe el número de elementos CDF_VECTOR, lo que permite un desbordamiento del búfer en la región heap de la memoria (escritura fuera de límites de 4 bytes). • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780 https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84 https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ https://lists.fedoraproject.org/archives/list/p • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-18197 – libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
https://notcve.org/view.php?id=CVE-2019-18197
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. En la función xsltCopyText en el archivo transform.c en libxslt versión 1.1.33, una variable de puntero no se restablece bajo determinadas circunstancias. Si el área de memoria relevante se liberó y reutilizó de cierta manera, una comprobación de límites podría fallar y podría escribirse la memoria fuera de un búfer o podrían divulgarse datos no inicializados. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html http://www.openwall.com/lists/oss-security/2019/11/17/2 https://access.redhat.com/errata/RHSA-2020:0514 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746 https://bugs.chromium.or • CWE-416: Use After Free CWE-908: Use of Uninitialized Resource •