CVSS: 9.3EPSS: 0%CPEs: 11EXPL: 0CVE-2019-8844 – webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2019-8844
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó múltiples problemas de corrupción de memoria con un manejo de la memoria mejorada. Este problema se corrigió en tvOS versión 13.3, watchOS versión 6.1.1, iCloud para Windows versión 10.9, iOS versión 13.3 y iPadOS versión 13.3, Safari versión 13.0.4, iTunes versión 12.10.3 para Windows, iCloud para Windows versión 7.16. • https://support.apple.com/en-us/HT210785 https://support.apple.com/en-us/HT210789 https://support.apple.com/en-us/HT210790 https://support.apple.com/en-us/HT210792 https://support.apple.com/en-us/HT210793 https://support.apple.com/en-us/HT210794 https://support.apple.com/en-us/HT210795 https://access.redhat.com/security/cve/CVE-2019-8844 https://bugzilla.redhat.com/show_bug.cgi?id=1816686 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2019-13734 – sqlite: fts3: improve shadow table corruption detection
https://notcve.org/view.php?id=CVE-2019-13734
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una escritura fuera de limites en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://access.redhat.com/errata/RHSA-2020:0227 https://access.redhat.com/errata/RHSA-2020:0229 https://access.redhat.com/errata/RHSA-2020:0273 https://access.redhat.com/errata/RHSA-2020:0451 https://access.redhat.com/errata/RHSA-2020:0463 https://access.redhat.com/errata/RHSA-2020:0 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 260EXPL: 0CVE-2019-5544 – VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. OpenSLP, como es usado en ESXi y los dispositivos Horizon DaaS, presenta un problema de sobrescritura de la pila. VMware ha evaluado la gravedad de este problema para estar en el rango de gravedad Crítica con una puntuación base máxima CVSSv3 de 9.8. A heap overflow vulnerability was found in OpenSLP. • http://www.openwall.com/lists/oss-security/2019/12/10/2 http://www.openwall.com/lists/oss-security/2019/12/11/2 http://www.vmware.com/security/advisories/VMSA-2019-0022.html https://access.redhat.com/errata/RHSA-2019:4240 https://access.redhat.com/errata/RHSA-2020:0199 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQU • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 2CVE-2019-13456 – freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations
https://notcve.org/view.php?id=CVE-2019-13456
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494. En FreeRADIUS versiones 3.0 hasta 3.0.19, en promedio 1 de cada 2048 protocolos de enlace EAP-pwd presenta un fallo porque el elemento de contraseña no puede ser encontrado dentro de las 10 iteraciones del bucle de tipo "hunting and pecking". Esto filtra información que un atacante puede utilizar para recuperar la contraseña de cualquier usuario. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html https://bugzilla.redhat.com/show_bug.cgi?id=1737663 https://freeradius.org/security https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa https://wpa3.mathyvanhoef.com https://access.redhat.com/security/cve/CVE-2019-13456 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14906 – SDL: not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950
https://notcve.org/view.php?id=CVE-2019-14906
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code. Se encontró un fallo con la errata de RHSA-2019: 3950, donde no se corrigió la vulnerabilidad SDL CVE-2019-13616. Este problema solo afecta a los paquetes SDL de Red Hat, SDL versiones hasta la versión 1.2.15 y versiones 2.x hasta la versión 2.0.9, tienen un fallo de desbordamiento de búfer en la región heap de la memoria mientras se copia una superficie existente en una nueva optimizada, debido a una falta de comprobación mientras la carga de una imagen BMP, es posible. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14906 https://access.redhat.com/security/cve/CVE-2019-14906 https://bugzilla.redhat.com/show_bug.cgi?id=1777372 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •