CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2019-9445
https://notcve.org/view.php?id=CVE-2019-9445
In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. En el kernel de Android en el controlador F2FS existe una posible lectura fuera de límites debido a la falta de una comprobación de límites. Esto podría llevar a un escalado de privilegios local necesitando privilegios de ejecución System. • https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://source.android.com/security/bulletin/pixel/2019-09-01 https://usn.ubuntu.com/4526-1 https://usn.ubuntu.com/4527-1 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2019-16056 – python: email.utils.parseaddr wrongly parses email addresses
https://notcve.org/view.php?id=CVE-2019-16056
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. Se descubrió un problema en Python versiones hasta 2.7.16, versiones 3.x hasta 3.5.7, versiones 3.6.x hasta 3.6.9 y versiones 3.7.x hasta 3.7.4. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://access.redhat.com/errata/RHSA-2019:3725 https://access.redhat.com/errata/RHSA-2019:3948 https://bugs.python.org/issue • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15918
https://notcve.org/view.php?id=CVE-2019-15918
An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.10. La función SMB2_negotiate en el archivo fs/cifs/smb2pdu.c presenta una lectura fuera de límites porque las estructuras de datos son actualizadas de manera incompleta después de un cambio desde smb30 hacia smb21. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10 https://github.com/torvalds/linux/commit/b57a55e2200ede754e4dc9cce4ba9402544b9365 https://security.netapp.com/advisory/ntap-20191004-0001 https://usn.ubuntu.com/4162-1 https://usn.ubuntu.com/4162-2 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2015-9383
https://notcve.org/view.php?id=CVE-2015-9383
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. FreeType en versiones anteriores a la 2.6.2 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en tt_cmap14_validate en sfnt/ttcmap.c. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html https://savannah.nongnu.org/bugs/?46346 https://usn.ubuntu.com/4126-1 https://usn.ubuntu.com/4126-2 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-15505 – kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c
https://notcve.org/view.php?id=CVE-2019-15505
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). drivers/media/usb/dvb-usb/technisat-usb2.c en el kernel de Linux hasta la versión 5.2.9 tiene una lectura fuera de los límites a través del tráfico de dispositivos USB diseñado (que puede ser remoto a través de usbip o usbredir). An out-of-bounds read flaw was found in the DVB USB subsystem of the Linux kernel. There was no boundary check applied to the array in struct technisat_usb2_state state->buf until the 0xff byte is encountered. If the byte is not encountered within the limit, an exposure of kernel data structure occurs. Data confidentiality and system availability are the highest threats with this vulnerability. • http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro • CWE-125: Out-of-bounds Read •