
CVSS: 6.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt for passwords by expanding them from templates, as they could contain special characters. Passwords should be wrapped to prevent templates from triggering and exposing them. A data disclosure flaw was found in ansible. Password prompts in ansible-playbook and ansible-cli tools could expose passwords with special characters as they are not properly wrapped.

• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10206
• https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html
• https://www.debian.org/security/2021/dsa-4950
• https://access.redhat.com/security/cve/CVE-2019-10206
• https://bugzilla.redhat.com/show_bug.cgi?id=1732623
• CWE-522: Insufficiently Protected Credentials

CVSS: 8.8 | EPSS: 0% | CPEs: 12 | EXPL: 1

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. A flaw was found in the KDE Frameworks KConfig prior to version 5.61.0.

• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00013.html
• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00034.html
• http://packetstormsecurity.com/files/153981/Slackware-Security-Advisory-kdelibs-Updates.html
• https://access.redhat.com/errata/RHSA-2019:2606
• https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt
• https://lists.deb
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
• CWE-454: External Initialization of Trusted Variables or Data Stores

CVSS: 8.8 | EPSS: 0% | CPEs: 5 | EXPL: 1

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html
• https://talosintelligence.com/vulnerability_reports/TALOS-2019-0844
• CWE-190: Integer Overflow or Wraparound
• CWE-787: Out-of-bounds Write

CVSS: 8.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html
• https://talosintelligence.com/vulnerability_reports/TALOS-2019-0843
• CWE-190: Integer Overflow or Wraparound
• CWE-787: Out-of-bounds Write

CVSS: 8.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html
• https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842
• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write