CVSS: 4.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-17055 – kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol
https://notcve.org/view.php?id=CVE-2019-17055
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. La función base_sock_create en el archivo drivers/isdn/mISDN/socket.c en el módulo de red AF_ISDN en el kernel de Linux versiones hasta 5.3.2 no aplica CAP_NET_RAW, lo que significa que los usuarios no privilegiados pueden crear un socket en bruto, también se conoce como CID-b91ee4aa2a21. A vulnerability was found in the Linux kernel’s implementation of the AF_ISDN protocol, which does not enforce the CAP_NET_RAW capability. This flaw can allow unprivileged users to create a raw socket for this protocol. This could further allow the user to control the availability of an existing ISDN circuit. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://access.redhat.com/errata/RHSA-2020:0790 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2 • CWE-250: Execution with Unnecessary Privileges CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 2CVE-2019-16935 – python: XSS vulnerability in the documentation XML-RPC server in server_title field
https://notcve.org/view.php?id=CVE-2019-16935
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. La documentación del servidor XML-RPC en Python versiones hasta 2.7.16, versiones 3.x hasta 3.6.9 y versiones 3.7.x hasta 3.7.4, presenta una vulnerabilidad de tipo XSS por medio del campo server_title. Esto ocurre en Lib/DocXMLRPCServer.py en Python versión 2.x, y en Lib/xmlrpc/server.py en Python versión 3.x. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://bugs.python.org/issue38243 https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897 htt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 0CVE-2019-9433 – libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c
https://notcve.org/view.php?id=CVE-2019-9433
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 En libvpx, se presenta una posible divulgación de información debido a una comprobación de entrada inapropiada. Esto podría conllevar a una divulgación de información remota sin ser necesarios privilegios de ejecución adicionales. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html http://www.openwall.com/lists/oss-security/2019/10/25/17 http://www.openwall.com/lists/oss-security/2019/10/27/1 http://www.openwall.com/lists/oss-security/2019/11/07/1 https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN https://lists.fedoraproject.org/archives/list/package-an • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 12EXPL: 0CVE-2019-9278 – libexif: out of bounds write in exif-data.c
https://notcve.org/view.php?id=CVE-2019-9278
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774 En libexif, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a una escalada de privilegios remota en el proveedor de contenido multimedia sin ser necesarios privilegios de ejecución adicionales. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html http://www.openwall.com/lists/oss-security/2019/10/25/17 http://www.openwall.com/lists/oss-security/2019/10/27/1 http://www.openwall.com/lists/oss-security/2019/11/07/1 https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566 https://github.com/libexif/libexif/issues/26 https://lists.debian.org/debian-lts-anno • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2019-9232 – libvpx: Out of bounds read in vp8_norm table
https://notcve.org/view.php?id=CVE-2019-9232
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 En libvpx, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una divulgación de información remota sin ser necesarios privilegios de ejecución adicionales. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html http://www.openwall.com/lists/oss-security/2019/10/25/17 http://www.openwall.com/lists/oss-security/2019/10/27/1 http://www.openwall.com/lists/oss-security/2019/11/07/1 https://lists.debian.org/debian-lts-announce/2019/11/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN https://lists.fedoraproject.org/archives/list/package-an • CWE-125: Out-of-bounds Read •