CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2019-13734 – sqlite: fts3: improve shadow table corruption detection
https://notcve.org/view.php?id=CVE-2019-13734
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una escritura fuera de limites en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://access.redhat.com/errata/RHSA-2020:0227 https://access.redhat.com/errata/RHSA-2020:0229 https://access.redhat.com/errata/RHSA-2020:0273 https://access.redhat.com/errata/RHSA-2020:0451 https://access.redhat.com/errata/RHSA-2020:0463 https://access.redhat.com/errata/RHSA-2020:0 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 324EXPL: 0CVE-2019-11135 – hw: TSX Transaction Asynchronous Abort (TAA)
https://notcve.org/view.php?id=CVE-2019-11135
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Una condición de tipo TSX Asynchronous Abort en algunas CPU que utilizan ejecución especulativa puede habilitar a un usuario autenticado para permitir potencialmente una divulgación de información por medio de un canal lateral con acceso local. A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing. Intel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/12/10/3 http://www.openwall.com/lists/oss-security/2019/12/10/4 http://www.openwall.com/lists/oss-security/2019/12 • CWE-203: Observable Discrepancy •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2019-17631 – JDK: Unrestricted access to diagnostic operations
https://notcve.org/view.php?id=CVE-2019-17631
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. Eclipse OpenJ9 desde las versiones 0.15 hasta 0.16, se accede a operaciones de diagnóstico tales como causar un GC o crear un archivo de diagnóstico sin ninguna comprobación de privilegios. • https://access.redhat.com/errata/RHSA-2019:4113 https://access.redhat.com/errata/RHSA-2019:4115 https://access.redhat.com/errata/RHSA-2020:0006 https://access.redhat.com/errata/RHSA-2020:0046 https://bugs.eclipse.org/bugs/show_bug.cgi?id=552129 https://access.redhat.com/security/cve/CVE-2019-17631 https://bugzilla.redhat.com/show_bug.cgi?id=1779880 • CWE-269: Improper Privilege Management CWE-285: Improper Authorization •
CVSS: 4.2EPSS: 0%CPEs: 19EXPL: 0CVE-2019-2996 – JDK: unspecified vulnerability fixed in 8u221 (Deployment)
https://notcve.org/view.php?id=CVE-2019-2996
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://access.redhat.com/errata/RHSA-2019:4113 https://access.redhat.com/errata/RHSA-2019:4115 https://access.redhat.com/errata/RHSA-2020:0006 https://access.redhat.com/errata/RHSA-2020:0046 https://security.netapp.com/advisory/ntap-20191017-0001 https://access.redhat.com/security/cve/CVE-2019-2996 https://bugzilla.redhat.com/show_bug.cgi?id=1778942 •
CVSS: 6.8EPSS: 0%CPEs: 36EXPL: 0CVE-2019-2949 – OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302)
https://notcve.org/view.php?id=CVE-2019-2949
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://access.redhat.com/errata/RHSA-2019:3134 https://access.redhat.com/errata/RHSA-2019:3135 https://access.redhat.com/errata/RHSA-2019:3136 https://kc.mcafee.com/corporate/index?page=content&id&# • CWE-522: Insufficiently Protected Credentials •