CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2019-16168 – sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c
https://notcve.org/view.php?id=CVE-2019-16168
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." En SQLite versiones hasta 3.29.0, la función whereLoopAddBtreeIndex en el archivo sqlite3.c puede bloquear un navegador u otra aplicación debido a la falta de comprobación de un campo sqlite_stat1 sz, también se conoce como "severe division by zero in the query planner.". • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2 https://security.gentoo.org/glsa/202003-16 https://security.netapp.com/advisory/ntap-20190926-0003 https:/& • CWE-369: Divide By Zero •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9453
https://notcve.org/view.php?id=CVE-2019-9453
In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. En el kernel de Android en el controlador táctil F2FS hay una posible lectura fuera de los límites debido a una validación de entrada incorrecta. Esto podría llevar a una divulgación de información local con privilegios de ejecución System necesarios. • https://source.android.com/security/bulletin/pixel/2019-09-01 https://usn.ubuntu.com/4527-1 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2019-9445
https://notcve.org/view.php?id=CVE-2019-9445
In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. En el kernel de Android en el controlador F2FS existe una posible lectura fuera de límites debido a la falta de una comprobación de límites. Esto podría llevar a un escalado de privilegios local necesitando privilegios de ejecución System. • https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://source.android.com/security/bulletin/pixel/2019-09-01 https://usn.ubuntu.com/4526-1 https://usn.ubuntu.com/4527-1 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2019-16056 – python: email.utils.parseaddr wrongly parses email addresses
https://notcve.org/view.php?id=CVE-2019-16056
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. Se descubrió un problema en Python versiones hasta 2.7.16, versiones 3.x hasta 3.5.7, versiones 3.6.x hasta 3.6.9 y versiones 3.7.x hasta 3.7.4. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://access.redhat.com/errata/RHSA-2019:3725 https://access.redhat.com/errata/RHSA-2019:3948 https://bugs.python.org/issue • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15918
https://notcve.org/view.php?id=CVE-2019-15918
An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.10. La función SMB2_negotiate en el archivo fs/cifs/smb2pdu.c presenta una lectura fuera de límites porque las estructuras de datos son actualizadas de manera incompleta después de un cambio desde smb30 hacia smb21. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10 https://github.com/torvalds/linux/commit/b57a55e2200ede754e4dc9cce4ba9402544b9365 https://security.netapp.com/advisory/ntap-20191004-0001 https://usn.ubuntu.com/4162-1 https://usn.ubuntu.com/4162-2 • CWE-125: Out-of-bounds Read •