CVSS: 6.5EPSS: 2%CPEs: 15EXPL: 0CVE-2019-5798 – chromium-browser: Out of bounds read in Skia
https://notcve.org/view.php?id=CVE-2019-5798
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. La falta de comprobación de límites correcta en Skia en Google Chrome antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara una lectura de memoria fuera de límites por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://access.redhat.com/errata/RHSA-2019:1308 https://access.redhat.com/errata/RHSA-2019:1309 https://access.redhat.com/errata/RHSA-2019:1310 https://chromereleases.googleblog.com/2019/03/stable-ch • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 41EXPL: 0CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization
https://notcve.org/view.php?id=CVE-2019-9636
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.securityfocus.com/bid/107400 https://access. • CWE-172: Encoding Error •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 4CVE-2019-9213 – Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem
https://notcve.org/view.php?id=CVE-2019-9213
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. En el kernel de Linux, en versiones anteriores a la 4.20.14, expand_downwards en mm/mmap.c carece de una comprobación para la dirección mínima de mmap, lo que facilita que los atacantes exploten desreferencias de puntero NULL en el kernel en plataformas que no son SMAP. Esto esto está relacionado con una comprobación de capacidades para la tarea equivocada. A flaw was found in mmap in the Linux kernel allowing the process to map a null page. • https://www.exploit-db.com/exploits/46502 https://www.exploit-db.com/exploits/47957 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1 http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html http://www.securityfocus.com/bid/107296 https&# • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 1%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html http://www.securityfocus.com/bid/107174 https://access. • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2018-20615 – haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash
https://notcve.org/view.php?id=CVE-2018-20615
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. Se ha descubierto un problema de lectura fuera de límites en el decodificador del protocolo HTTP/2 en HAProxy, en versiones 1.8.x y 1.9.x hasta la 1.9.0, lo que puede resultar en un cierre inesperado. El procesamiento del flag PRIORITY en un frame HEADERS requiere 5 bytes adicionales y, aunque se omiten estos bytes, la longitud total del frame no se volvió a comprobar para asegurar que estaban presentes en la trama. A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00018.html http://www.securityfocus.com/bid/106645 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0275 https://usn.ubuntu.com/3858-1 https://www.mail-archive.com/haproxy%40formilux.org/msg32304.html https://access.redhat.com/security/cve/CVE-2018-20615 https://bugzilla.redhat.com/show_bug.cgi?id=1663060 • CWE-125: Out-of-bounds Read •