CVE-2019-16168 – sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c
https://notcve.org/view.php?id=CVE-2019-16168
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." En SQLite versiones hasta 3.29.0, la función whereLoopAddBtreeIndex en el archivo sqlite3.c puede bloquear un navegador u otra aplicación debido a la falta de comprobación de un campo sqlite_stat1 sz, también se conoce como "severe division by zero in the query planner.". • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2 https://security.gentoo.org/glsa/202003-16 https://security.netapp.com/advisory/ntap-20190926-0003 https:/& • CWE-369: Divide By Zero •
CVE-2019-16163 – oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
https://notcve.org/view.php?id=CVE-2019-16163
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. Oniguruma versiones anteriores a 6.9.3, permite un Agotamiento de la Pila en el archivo regcomp.c debido a la recursión en el archivo regparse.c. • https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180 https://github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3 https://github.com/kkos/oniguruma/issues/147 https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y https://usn.ubuntu.c • CWE-121: Stack-based Buffer Overflow CWE-674: Uncontrolled Recursion •
CVE-2019-9453
https://notcve.org/view.php?id=CVE-2019-9453
In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. En el kernel de Android en el controlador táctil F2FS hay una posible lectura fuera de los límites debido a una validación de entrada incorrecta. Esto podría llevar a una divulgación de información local con privilegios de ejecución System necesarios. • https://source.android.com/security/bulletin/pixel/2019-09-01 https://usn.ubuntu.com/4527-1 • CWE-20: Improper Input Validation •
CVE-2019-9445
https://notcve.org/view.php?id=CVE-2019-9445
In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. En el kernel de Android en el controlador F2FS existe una posible lectura fuera de límites debido a la falta de una comprobación de límites. Esto podría llevar a un escalado de privilegios local necesitando privilegios de ejecución System. • https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://source.android.com/security/bulletin/pixel/2019-09-01 https://usn.ubuntu.com/4526-1 https://usn.ubuntu.com/4527-1 • CWE-125: Out-of-bounds Read •
CVE-2019-16056 – python: email.utils.parseaddr wrongly parses email addresses
https://notcve.org/view.php?id=CVE-2019-16056
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. Se descubrió un problema en Python versiones hasta 2.7.16, versiones 3.x hasta 3.5.7, versiones 3.6.x hasta 3.6.9 y versiones 3.7.x hasta 3.7.4. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://access.redhat.com/errata/RHSA-2019:3725 https://access.redhat.com/errata/RHSA-2019:3948 https://bugs.python.org/issue • CWE-20: Improper Input Validation •