CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10136 – spacewalk: Insecure computation of authentication signatures during user authentication
https://notcve.org/view.php?id=CVE-2019-10136
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. Se encontró que Spacewalk, en todas las versiones hasta la 2.8, no computaba de forma segura las sumas de comprobación de token del cliente. Un atacante con un conjunto de encabezados válidos, pero expirados y autenticados, podría mover algunos dígitos, extendiendo artificialmente la validez de la sesión sin modificar la suma de comprobación. It was found that Spacewalk did not safely compute client token checksums. • http://www.securityfocus.com/bid/109029 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10136 https://access.redhat.com/security/cve/CVE-2019-10136 https://bugzilla.redhat.com/show_bug.cgi?id=1708696 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10137 – spacewalk-proxy: Path traversal in proxy authentication cache
https://notcve.org/view.php?id=CVE-2019-10137
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process. Se encontró un fallo de salto de ruta (path) en el proxy de spacewalk, en todas las versiones hasta la 2.8, en la manera en que el proxy procesa los tokens del cliente en la caché. Un atacante remoto no autenticado podría utilizar este fallo para probar la existencia de archivos arbitrarios, si tienen acceso al sistema de archivos del proxy, o si pueden ejecutar código arbitrario en el contexto del proceso httpd. A path traversal flaw was found in the way the proxy processes cached client tokens. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10137 https://access.redhat.com/security/cve/CVE-2019-10137 https://bugzilla.redhat.com/show_bug.cgi?id=1702604 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2019-10245 – JDK: Read beyond the end of bytecode array causing JVM crash
https://notcve.org/view.php?id=CVE-2019-10245
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load. En Eclipse OpenJ9, en versiones anteriores a 0.14.0, el verificador bytecode de Java permite incorrectamente que un método se ejecute más allá del final de la matriz de código de bytes causando cierres inesperados. Eclipse OpenJ9 versión 0.14.0 detecta correctamente este caso y rechaza la carga de clase intentada • http://www.securityfocus.com/bid/108094 https://access.redhat.com/errata/RHSA-2019:1163 https://access.redhat.com/errata/RHSA-2019:1164 https://access.redhat.com/errata/RHSA-2019:1165 https://access.redhat.com/errata/RHSA-2019:1166 https://access.redhat.com/errata/RHSA-2019:1238 https://access.redhat.com/errata/RHSA-2019:1325 https://bugs.eclipse.org/bugs/show_bug.cgi?id=545588 https://access.redhat.com/security/cve/CVE-2019-10245 https://bugzilla.redhat.com/show_ • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 9%CPEs: 18EXPL: 1CVE-2019-2697 – Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
https://notcve.org/view.php?id=CVE-2019-2697
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • https://www.exploit-db.com/exploits/46722 http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHSA-2019:1163 https://access.redhat.com/errata/RHSA-2019:1164 https://access.redhat.com/errata/RHSA-2019:1165 https://access.redhat.com/errata/RHSA-2019:1166 https://access.redhat.com/errata/RHSA-2019:1238 https://access.redhat.com/errata/RHSA-2019:1325 https://security.gentoo.org/glsa/201908-10 https://support.hpe.com/hps •
CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2019-2602 – OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936)
https://notcve.org/view.php?id=CVE-2019-2602
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:1146 https://access.redhat.com/errata • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •