CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19727
https://notcve.org/view.php?id=CVE-2019-19727
13 Jan 2020 — SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. SchedMD Slurm versiones anteriores a la versión 18.08.9 y versiones 19.x anteriores a la versión 19.05.5, posee permisos débiles de slurmdbd.conf. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19728 – Debian Security Advisory 4841-1
https://notcve.org/view.php?id=CVE-2019-19728
13 Jan 2020 — SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. SchedMD Slurm versiones anteriores a la versión 18.08.9 y versiones 19.x anteriores a la versión 19.05.5, ejecuta srun --uid con privilegios incorrectos. Multiple security issues were discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, which could result in denial of service, information disclosure or privilege escalation. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 2%CPEs: 9EXPL: 1CVE-2020-6377 – chromium-browser: Use after free in audio
https://notcve.org/view.php?id=CVE-2020-6377
10 Jan 2020 — Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en audio en Google Chrome versiones anteriores a la versión 79.0.3945.117, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remot... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1765 – Spoofing of From field in several screens
https://notcve.org/view.php?id=CVE-2020-1765
10 Jan 2020 — An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. Un control inapropiado de los parámetros permite la suplantación de los campos de las siguientes pantallas: AgentTicketCompose, AgentTicketForward, Ag... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html • CWE-472: External Control of Assumed-Immutable Web Parameter •
CVSS: 5.3EPSS: 68%CPEs: 5EXPL: 4CVE-2019-20372 – nginx: HTTP request smuggling in configurations with URL redirect used as error_page
https://notcve.org/view.php?id=CVE-2019-20372
09 Jan 2020 — NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. NGINX versiones anteriores a 1.17.7, con ciertas configuraciones de error_page, permite el trafico no autorizado de peticiones HTTP, como es demostrado por la capacidad de un atacante para leer páginas web no autorizadas en entornos donde NGINX está al frente de un equilibrador... • https://github.com/0xleft/CVE-2019-20372 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.8EPSS: 2%CPEs: 27EXPL: 1CVE-2019-17024 – Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4
https://notcve.org/view.php?id=CVE-2019-17024
08 Jan 2020 — Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Los desarrolladores de Mozilla reportaron bugs de seguridad de memoria presentes en Firefox versión 71 y Firefox ESR versión 68.3. Algunos de estos errores mostraron evidencia de corrupción de memori... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 2CVE-2019-17021 – Slackware Security Advisory - mozilla-thunderbird Updates
https://notcve.org/view.php?id=CVE-2019-17021
08 Jan 2020 — During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. Durante la inicialización de un nuevo proceso de contenido, ocurre una condición de carrera que puede permitir a un proceso de contenido revelar direcciones de la pila del proceso principal. * Nota: este... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-6609
https://notcve.org/view.php?id=CVE-2020-6609
08 Jan 2020 — GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. GNU LibreDWG versión 0.9.3.2564, tiene una lectura excesiva de búfer en la región heap de la memoria en la función read_pages_map en el archivo decode_r2007.c. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-6610
https://notcve.org/view.php?id=CVE-2020-6610
08 Jan 2020 — GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. GNU LibreDWG versión 0.9.3.2564, tiene un intento de asignación excesiva de memoria en la función read_sections_map en el archivo decode_r2007.c. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-6611
https://notcve.org/view.php?id=CVE-2020-6611
08 Jan 2020 — GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. GNU LibreDWG versión 0.9.3.2564, tiene una desreferencia del puntero NULL en la función get_next_owned_entity en el archivo dwg.c. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html • CWE-476: NULL Pointer Dereference •