CVSS: 7.3EPSS: 0%CPEs: 10EXPL: 0CVE-2019-14905 – Ansible: malicious code could craft filename in nxos_file_copy module
https://notcve.org/view.php?id=CVE-2019-14905
23 Jan 2020 — A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. Se detectó una vulnerabilidad en Ansible Engine versiones 2.9.x anteriores a 2.9.3, versiones 2.8.x anteriores a ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0CVE-2019-20388 – libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c
https://notcve.org/view.php?id=CVE-2019-20388
21 Jan 2020 — xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. La función xmlSchemaPreRun en el archivo xmlschemas.c en libxml2 versión 2.9.10, permite una pérdida de memoria de la función xmlSchemaValidateStream. A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.3EPSS: 5%CPEs: 8EXPL: 0CVE-2020-7040 – Ubuntu Security Notice USN-4508-1
https://notcve.org/view.php?id=CVE-2020-7040
21 Jan 2020 — storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) El archivo storeBackup.pl en storeBackup versiones hasta 3.5, se basa en el nombre de ruta /tmp/storeBackup.lock, que permite ataques de tipo symlink que posiblemente conllevan a una escalada de privilegios. (... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00054.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2020-5202
https://notcve.org/view.php?id=CVE-2020-5202
21 Jan 2020 — apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will r... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18932 – Gentoo Linux Security Advisory 202007-32
https://notcve.org/view.php?id=CVE-2019-18932
21 Jan 2020 — log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00051.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 2.4EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20386 – systemd: memory leak in button_open() in login/logind-button.c when udev events are received
https://notcve.org/view.php?id=CVE-2019-20386
21 Jan 2020 — An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. Se detectó un problema en la función button_open en el archivo login/logind-button.c en systemd versiones anteriores a 243. Cuando se ejecuta el comando de activación udevadm, puede presentarse una pérdida de memoria. A memory leak was discovered in the systemd-login when a power-switch event is received. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 2%CPEs: 12EXPL: 0CVE-2019-19344 – Ubuntu Security Notice USN-4244-1
https://notcve.org/view.php?id=CVE-2019-19344
21 Jan 2020 — There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. Se presenta un problema de uso de la memoria previamente liberada en todas las versiones 4.9.x anteriores a 4.9.18 de samba, todas las versiones 4.10.x anteriores a 4.10.12 de samba y todas las versiones 4.11.x anteriores a 4.11.5 de samba, esencia... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 2%CPEs: 9EXPL: 0CVE-2019-14902 – Ubuntu Security Notice USN-4244-1
https://notcve.org/view.php?id=CVE-2019-14902
21 Jan 2020 — There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. Se presenta un problema en todas las versiones 4.11.x anteriores a 4.11.5 de samba, todas las versiones 4.10.x anteriores a 4.10.12 de samba y todas las versiones 4.9.x anteriores a 4.9.18 de samba, donde la eliminación del derecho a crear... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 7%CPEs: 6EXPL: 0CVE-2019-17361 – Debian Security Advisory 4676-1
https://notcve.org/view.php?id=CVE-2019-17361
17 Jan 2020 — In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. En SaltStack Salt hasta 2019.2.0, la API NET de salt-api con el cliente ssh habilitado es vulnerable a la inyección de comandos. Esto permite que un atacante no autenticado con acceso de red al punto final de la API ejecute código arbitrario en el host salt-api. ... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2020-7039 – QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
https://notcve.org/view.php?id=CVE-2020-7039
16 Jan 2020 — tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. El archivo tcp_emu en tcp_subr.c en libslirp versión 4.1.0, como es usado en QEMU versión 4.2.0, administra inapropiadamente la memoria, como es demostrado por los comandos IRC DCC en EMU_IRC. Esto puede causar un desbordamiento del búfer en la r... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •