CVSS: 9.1EPSS: 1%CPEs: 19EXPL: 0CVE-2019-11036 – Heap over-read in PHP EXIF extension
https://notcve.org/view.php?id=CVE-2019-11036
03 May 2019 — When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a 7.1.29, 7.2.x anteriores a 7.2.18 y 7.3.x anteriores a 7.3.5, puede hacer que se lea el búfer asignado en la función exif_process_IFD_TAG. Esto puede conducir a la revelació... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2019-11627
https://notcve.org/view.php?id=CVE-2019-11627
30 Apr 2019 — gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. gpg-key2ps en signing-party versión 1.1.x y 2.x anteriores a la 2.10-1 contiene una llamada de shell insegura que permite la inyección de shell a través de un ID de usuario. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00029.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 10EXPL: 1CVE-2019-11506 – Debian Security Advisory 4640-1
https://notcve.org/view.php?id=CVE-2019-11506
24 Apr 2019 — In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. En GraphicsMagick, desde la versión 1.3.30 hasta la 1.4 snapshot-20190403 Q8, hay un desbordamiento de búfer basado en memoria dinámica (heap) en la función WriteMATLABImage d... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 1CVE-2019-11505 – Debian Security Advisory 4640-1
https://notcve.org/view.php?id=CVE-2019-11505
24 Apr 2019 — In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. En GraphicsMagick, desde la versión 1.3.8 hasta la 1.4 snapshot-20190403 Q8, hay un desbordamiento de búfer basado en memoria dinámica (heap) en la función WritePDBImage de... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2019-3882 – kernel: denial of service vector through vfio DMA mappings
https://notcve.org/view.php?id=CVE-2019-3882
24 Apr 2019 — A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. Se encontró un fallo en la implementación de la interfaz vfio del kernel de Linux que permite la violación del límite de memoria bl... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2019-11486 – Debian Security Advisory 4465-1
https://notcve.org/view.php?id=CVE-2019-11486
23 Apr 2019 — The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. El controlador de disciplina de línea Siemens R3964 en drivers/tty/n_r3964.c en el kernel de Linux antes de la versión 5.0.8 tiene múltiples condiciones de carrera. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 2%CPEs: 10EXPL: 0CVE-2019-11474 – Debian Security Advisory 4640-1
https://notcve.org/view.php?id=CVE-2019-11474
23 Apr 2019 — coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. coders/xwd.c en GraphicsMagick 1.3.31, permite a los atacantes causar una denegación de servicio (excepción en coma flotante y un cierre inesperado de la aplicación) al crear un archivo de imagen XWD, una vulnerabilidad diferente a CVE-2019-11008 y CVE-2019-11009. handling problems... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd • CWE-682: Incorrect Calculation CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 4%CPEs: 16EXPL: 1CVE-2019-11035 – Heap over-read in PHP EXIF extension
https://notcve.org/view.php?id=CVE-2019-11035
18 Apr 2019 — When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a la 7.1.28, 7.2.x anteriores a la 7.2.17 y 7.3.x anteriores a la 7.3.4 puede hacer que se lea el búfer asignado en la función exif_iif_add_value. Esto puede conducir a la revel... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 4%CPEs: 16EXPL: 0CVE-2019-11034 – Heap over-read in PHP EXIF extension
https://notcve.org/view.php?id=CVE-2019-11034
18 Apr 2019 — When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a la 7.1.28, 7.2.x anteriores a la 7.2.17 y 7.3.x anteriores a la 7.3.4 puede hacer que se lea el buffer asignado en la función exif_process_IFD_TAG. Esto puede conducir a la ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2018-16877 – pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc
https://notcve.org/view.php?id=CVE-2018-16877
18 Apr 2019 — A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. Se encontró un fallo en la forma en que se implementó la autenticación cliente-servidor del software Pacemaker, en versiones hasta la 2.0.0 inclusive. Un atacante local podría utilizar este fallo, y combinarlo con otras debilidades del IPC, para lograr una escalada de ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html • CWE-287: Improper Authentication •