CVSS: 6.5EPSS: 2%CPEs: 14EXPL: 1CVE-2019-11047 – Heap-buffer-overflow READ in exif
https://notcve.org/view.php?id=CVE-2019-11047
23 Dec 2019 — When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. Cuando la extensión EXIF de PHP está analizando información EXIF de una imagen, por ejemplo por medio de la función exif_read_data(), PHP versiones 7.2.x por debajo de 7.2.26, versiones 7.3.x por debajo... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 9%CPEs: 16EXPL: 0CVE-2019-11046 – Buffer underflow in bc_shift_addsub
https://notcve.org/view.php?id=CVE-2019-11046
23 Dec 2019 — In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. En PHP versiones 7.2.x por debajo de 7.2.26, versiones 7.3.x por debajo de 7.3.13 y 7.4.0, las funciones de extensión bcmath de PHP en alg... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 40%CPEs: 16EXPL: 1CVE-2019-11045 – DirectoryIterator class silently truncates after a null byte
https://notcve.org/view.php?id=CVE-2019-11045
23 Dec 2019 — In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. En PHP versiones 7.2.x por debajo de 7.2.26, versiones 7.3.x por debajo de 7.3.13 y 7.4.0, la clase DirectoryIterator de PHP acepta nombres de archivo con \0 byte insertado y los trata como terminando en ese byte. Es... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-170: Improper Null Termination •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 1CVE-2019-19906 – cyrus-sasl: denial of service in _sasl_add_string function
https://notcve.org/view.php?id=CVE-2019-19906
19 Dec 2019 — cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. cyrus-sasl (también se conoce como Cyrus SASL) versión 2.1.27, presenta una escritura fuera de límites conllevando a una denegación de servicio remota no autenticada en OpenLDAP por medio de un paquete LDAP malformado. El bloqueo de OpenLDAP es ca... • http://seclists.org/fulldisclosure/2020/Jul/23 • CWE-193: Off-by-one Error CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 15%CPEs: 7EXPL: 5CVE-2019-19844 – Django < 3.0 < 2.2 < 1.11 - Account Hijack
https://notcve.org/view.php?id=CVE-2019-19844
18 Dec 2019 — Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) Django versiones anteriores a 1.11.27, versiones 2.x anteriores a 2.2.9 y versiones 3.x ant... • https://packetstorm.news/files/id/155872 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 9.3EPSS: 0%CPEs: 24EXPL: 1CVE-2019-19816 – Ubuntu Security Notice USN-4709-1
https://notcve.org/view.php?id=CVE-2019-19816
17 Dec 2019 — In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. En el kernel de Linux versión 5.0.21, montar una imagen del sistema de archivos btrfs especialmente diseñada y realizar algunas operaciones puede causar un acceso de escritura fuera de límites en la función __btrfs_map_block en el archivo fs/btrfs/volumes.c,... • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19816 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 1%CPEs: 20EXPL: 1CVE-2019-19813 – Ubuntu Security Notice USN-4414-1
https://notcve.org/view.php?id=CVE-2019-19813
17 Dec 2019 — In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. En el kernel de Linux versión 5.0.21, montar una imagen de sistema de archivos btrfs especialmente diseñada, realizar algunas o... • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2019-19807 – kernel: use-after-free in sound/core/timer.c
https://notcve.org/view.php?id=CVE-2019-19807
15 Dec 2019 — In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. En el kernel de Linux versiones anteriores a la versión 5.3.11, el archivo sound/core/timer.c tiene un uso de la memoria previamente liberada causado por una refactorización... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-19725 – Ubuntu Security Notice USN-4242-1
https://notcve.org/view.php?id=CVE-2019-19725
11 Dec 2019 — sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. sysstat versiones hasta 12.2.0, presenta una doble liberación en la función check_file_actlst en el archivo sa_common.c. It was discovered that Sysstat incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. It was discovered that Sysstat incorrectly handled certain inputs. • https://github.com/sysstat/sysstat/issues/242 • CWE-415: Double Free •
CVSS: 6.5EPSS: 2%CPEs: 17EXPL: 0CVE-2019-13753 – sqlite: fts3: incorrectly removed corruption check
https://notcve.org/view.php?id=CVE-2019-13753
10 Dec 2019 — Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Una lectura fuera de límites en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto conseguir información potencialmente confidencial desde la memoria del proceso por medio de una página HTML especialmente diseñada. It was discovered that SQLite incorrectly handled certain shado... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html • CWE-125: Out-of-bounds Read •