CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2019-5094 – e2fsprogs: Crafted ext4 partition leads to out-of-bounds write
https://notcve.org/view.php?id=CVE-2019-5094
24 Sep 2019 — An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad quota file de E2fsprogs versión 1.45.3. Una partición ext4 especialmente diseñada puede causar una escritura fuera de límites en la pila, resultan... • https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 82EXPL: 1CVE-2019-14835 – kernel: vhost-net: guest to host kernel escape during migration
https://notcve.org/view.php?id=CVE-2019-14835
17 Sep 2019 — A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Se encontró un fallo de desbordamiento de búfer, en las versiones desde 2.6.34 hasta 5.2.x, en la manera en que la funcionalidad vhost d... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.4EPSS: 0%CPEs: 10EXPL: 1CVE-2019-15031 – kernel: powerpc: local user can read vector registers of other users' processes via an interrupt
https://notcve.org/view.php?id=CVE-2019-15031
13 Sep 2019 — In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. En el kernel de Linux versiones hast... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-662: Improper Synchronization •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-16275 – Ubuntu Security Notice USN-4136-1
https://notcve.org/view.php?id=CVE-2019-16275
12 Sep 2019 — hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. hostapd versiones anteriores a 2.10 y wpa_supplicant versiones anteriores a 2.10, permiten una indicación incorrecta de desconexión... • http://www.openwall.com/lists/oss-security/2019/09/12/6 • CWE-346: Origin Validation Error •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2019-16168 – sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c
https://notcve.org/view.php?id=CVE-2019-16168
09 Sep 2019 — In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." En SQLite versiones hasta 3.29.0, la función whereLoopAddBtreeIndex en el archivo sqlite3.c puede bloquear un navegador u otra aplicación debido a la falta de comprobación de un campo sqlite_stat1 sz, también se conoce como "severe division by zero in the query planner.". SQLite is a C library th... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2019-16056 – python: email.utils.parseaddr wrongly parses email addresses
https://notcve.org/view.php?id=CVE-2019-16056
06 Sep 2019 — An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. Se descubrió un problema en ... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2015-9383 – Ubuntu Security Notice USN-4126-1
https://notcve.org/view.php?id=CVE-2015-9383
03 Sep 2019 — FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. FreeType en versiones anteriores a la 2.6.2 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en tt_cmap14_validate en sfnt/ttcmap.c. USN-4126-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that FreeType incorrectly handled certain font files. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 1CVE-2019-11042 – heap-buffer-overflow on exif_process_user_comment in EXIF extension
https://notcve.org/view.php?id=CVE-2019-11042
09 Aug 2019 — When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. Cuando la extensión EXIF de PHP está analizando información EXIF de una imagen, p.ej. por medio de la función exif_read_data(), en PHP versiones 7.1.x anteriores a 7.1.31, versiones 7.2.x an... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 1CVE-2019-11041 – heap-buffer-overflow on exif_scan_thumbnail in EXIF extension
https://notcve.org/view.php?id=CVE-2019-11041
09 Aug 2019 — When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. Cuando la extensión EXIF de PHP está analizando información EXIF de una imagen, p.ej. por medio de la función exif_read_data(), en PHP versiones 7.1.x anteriores a 7.1.31, versiones 7.2.x an... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2019-13565 – Ubuntu Security Notice USN-4078-2
https://notcve.org/view.php?id=CVE-2019-13565
26 Jul 2019 — An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, et... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html •