CVSS: 7.5EPSS: 5%CPEs: 13EXPL: 1CVE-2019-10899
https://notcve.org/view.php?id=CVE-2019-10899
09 Apr 2019 — In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el disector SRVLOC podría fallar. Esto se abordó en epan/disectors/packet-srvloc.c evitando una lectura insuficiente del búfer basado en pilas. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 5%CPEs: 13EXPL: 1CVE-2019-10901 – Ubuntu Security Notice USN-3986-1
https://notcve.org/view.php?id=CVE-2019-10901
09 Apr 2019 — In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el disector LDSS podría cerrarse de forma inesperada. Esto fue tratado en epan/disectores/packet-ldsss.c mediante el manejo adecuado de los archivos de digest. It was discovered that Wireshark improperly handled certain input. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 4%CPEs: 13EXPL: 1CVE-2019-10903
https://notcve.org/view.php?id=CVE-2019-10903
09 Apr 2019 — In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7, y 3.0.0, el disector DCERPC SPOOLSS podría cerrarse inesperadamente. Esto fue tratado en epan/disectores/packet-dcerpc-spoolss.c añadiendo una comprobación de límites. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11010 – Debian Security Advisory 4640-1
https://notcve.org/view.php?id=CVE-2019-11010
08 Apr 2019 — In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. En GraphicsMagick 1.4 snapshot-20190322 Q8, hay una fuga de memoria en la función ReadMPCImage de coders/mpc.c, que permite a los atacantes causar una denegación de servicio a través de un archivo de imagen elaborado. handling problems and cases of missing or incomplete input sanitising may result in denial of service, ... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.1EPSS: 1%CPEs: 4EXPL: 1CVE-2019-11009 – Debian Security Advisory 4640-1
https://notcve.org/view.php?id=CVE-2019-11009
08 Apr 2019 — In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. En GraphicsMagick 1.4 snapshot-20190322 Q8, hay una sobre-lectura de búfer basada en pilas en la función ReadXWDImage de coders/xwd.c, que permite a los atacantes causar una denegación de servicio o revelación de información a través de un archivo de imagen diseñado. handling pr... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/7cff2b1792de • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 1CVE-2019-11008 – Debian Security Advisory 4640-1
https://notcve.org/view.php?id=CVE-2019-11008
08 Apr 2019 — In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. En GraphicsMagick 1.4 snapshot-20190322 Q8, hay un desbordamiento de búfer basado en memoria dinámica (heap) en la función WriteXWDImage de coders/xwd.c, que permite a los atacantes remotos causar una denegación de servicio (cierre ines... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 1%CPEs: 8EXPL: 0CVE-2019-11007 – Debian Security Advisory 4640-1
https://notcve.org/view.php?id=CVE-2019-11007
08 Apr 2019 — In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. En GraphicsMagick 1.4 snapshot-20190322 Q8, hay una sobre-lectura de búfer basada en pilas en la función ReadMNGImage de coders/png.c, que permite a los atacantes causar una denegación de servicio o revelación de información a través de un mapa de color de imagen. handling problems... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1CVE-2019-11006 – Ubuntu Security Notice USN-5974-1
https://notcve.org/view.php?id=CVE-2019-11006
08 Apr 2019 — In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. En GraphicsMagick 1.4 snapshot-20190322 Q8, hay una sobre lectura de búfer basada en memoria dinámica (heap) en la función ReadMIFFImage de coders/miff.c, que permite a los atacantes causar una denegación de servicio o divulgación de información a través de un paquete RLE. It was dis... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 1CVE-2019-11005 – Debian Security Advisory 4640-1
https://notcve.org/view.php?id=CVE-2019-11005
08 Apr 2019 — In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en pila en GraphicsMagick 1.4 snapshot-20190322 Q8 en la función SVGStartElement en coders/svg.c. Esta vulnerabilidad permitiría a un atacante remoto generar ... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 4%CPEs: 13EXPL: 0CVE-2019-10906 – python-jinja2: str.format_map allows sandbox escape
https://notcve.org/view.php?id=CVE-2019-10906
06 Apr 2019 — In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. En Pallets Jinja, en versiones anteriores a la 2.10.1, str.format_map permite un escape de sandbox. A flaw was found in Jinja. Python string formatting could allow an attacker to escape the sandbox. The highest threat from this vulnerability is to data confidentiality and integrity and system availability. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html • CWE-138: Improper Neutralization of Special Elements •