CVSS: 7.5EPSS: 4%CPEs: 7EXPL: 1CVE-2019-15961 – Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability
https://notcve.org/view.php?id=CVE-2019-15961
21 Nov 2019 — A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the C... • https://bugzilla.clamav.net/show_bug.cgi?id=12380 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1429
https://notcve.org/view.php?id=CVE-2013-1429
07 Nov 2019 — Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. Lintian versiones anteriores a 2.5.12, permite a atacantes remotos recabar información sobre el sistema "host" utilizando enlaces simbólicos diseñados. • https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 94%CPEs: 11EXPL: 27CVE-2019-11043 – PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2019-11043
24 Oct 2019 — In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. En PHP versiones 7.1.x anteriores a la versión 7.1.33, versiones 7.2.x anteriores a la versión 7.2.24 y versiones 7.3.x anteriores a 7.3.11, en ciertas configuraciones del FPM setup, es posible causar que el módulo FPM escrib... • https://packetstorm.news/files/id/154974 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2019-18218 – file: heap-based buffer overflow in cdf_read_property_info in cdf.c
https://notcve.org/view.php?id=CVE-2019-18218
21 Oct 2019 — cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). La función cdf_read_property_info en el archivo cdf.c en file versiones hasta 5.37, no restringe el número de elementos CDF_VECTOR, lo que permite un desbordamiento del búfer en la región heap de la memoria (escritura fuera de límites de 4 bytes). Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Clus... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2019-18197 – libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
https://notcve.org/view.php?id=CVE-2019-18197
18 Oct 2019 — In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. En la función xsltCopyText en el archivo transform.c en libxslt versión 1.1.33, una variable de puntero no se restablece bajo determinadas circunstancias. Si el área de memoria relevante se liberó y reutiliz... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html • CWE-416: Use After Free CWE-908: Use of Uninitialized Resource •
CVSS: 9.0EPSS: 84%CPEs: 47EXPL: 29CVE-2019-14287 – sudo 1.8.27 - Security Bypass
https://notcve.org/view.php?id=CVE-2019-14287
15 Oct 2019 — In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. En Sudo anteriores a 1.8.28, un atacante con acceso a una cuenta Runas ALL sudoer puede omitir ciertas listas negras de políticas y módulos PAM de sesión, y puede causar un registro... • https://www.exploit-db.com/exploits/47502 • CWE-267: Privilege Defined With Unsafe Actions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-17544 – Debian Security Advisory 4948-1
https://notcve.org/view.php?id=CVE-2019-17544
14 Oct 2019 — libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. La biblioteca libaspell.a en GNU Aspell versiones anteriores a 0.60.8, presenta una lectura excesiva del búfer en la región stack de la memoria en la función acommon::unescape en el archivo common/getdata.cpp por medio de un carácter \ aislado. USN-4155-1 fixed a vulnerability in Aspell. This update provides the corresponding update for Ubuntu 19.10. It was disco... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2019-15165 – libpcap: Resource exhaustion during PHB header length validation
https://notcve.org/view.php?id=CVE-2019-15165
03 Oct 2019 — sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. En el archivo sf-pcapng.c en libpcap versiones anteriores a 1.9.1, no comprueba apropiadamente la longitud del encabezado PHB antes de asignar la memoria. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The compliance-operator image updates are now available for OpenShift Container Platf... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 1CVE-2019-15166 – lmp_print in tcpdump lacks certain boundary checks
https://notcve.org/view.php?id=CVE-2019-15166
01 Oct 2019 — lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. La función lmp_print_data_link_subobjs() en el archivo print-lmp.c en tcpdump versiones anteriores a 4.9.3, carece de ciertas comprobaciones de límites. Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications r... • https://github.com/Satheesh575555/external_tcpdump_AOSP10_r33_CVE-2019-15166 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 2CVE-2019-16935 – python: XSS vulnerability in the documentation XML-RPC server in server_title field
https://notcve.org/view.php?id=CVE-2019-16935
28 Sep 2019 — The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. La documentación del servidor XML-RPC en Python versiones hasta 2.7.16, versiones 3.x hasta 3.6.9 y versiones 3.7.x hasta 3.7.4, present... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •