CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0CVE-2019-14821 – Kernel: KVM: OOB memory access via mmio ring buffer
https://notcve.org/view.php?id=CVE-2019-14821
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. Se encontró un problema de acceso fuera de límites en el kernel de Linux, todas las versiones hasta 5.3, en la manera en que el hipervisor KVM del kernel de Linux implementa la operación de escritura MMIO Coalesced. Opera en un objeto MMIO ring buffer "struct kvm_coalesced_mmio", en donde los índices de escritura "ring-)first" y "ring-)last" podrían ser suministrados por un proceso de espacio de usuario del host. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/09/20/1 https://access.redhat.com/errata/RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3517&# • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 35%CPEs: 10EXPL: 0CVE-2019-11779
https://notcve.org/view.php?id=CVE-2019-11779
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. En Eclipse Mosquitto versiones 1.5.0 hasta 1.6.5 incluyéndola, si un cliente MQTT malicioso envía un paquete SUBSCRIBE que contiene un tema que consta de aproximadamente 65400 o más caracteres '/', es decir, el separador de jerarquía de temas, entonces ocurrirá un desbordamiento de la pila. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00008.html https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160 https://lists.debian.org/debian-lts-announce/2019/10/msg00035.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4WMHIM64Q35NGTR6R3ILZUL4MA4ANB5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFWQBNFTAVHPUYNGYO2TCPF5PCSWC2Z7 https:&# • CWE-674: Uncontrolled Recursion CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 82EXPL: 1CVE-2019-14835 – kernel: vhost-net: guest to host kernel escape during migration
https://notcve.org/view.php?id=CVE-2019-14835
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Se encontró un fallo de desbordamiento de búfer, en las versiones desde 2.6.34 hasta 5.2.x, en la manera en que la funcionalidad vhost del kernel de Linux que traduce los búferes virtueue en IOV, registraba los descriptores del búfer durante una migración. Un usuario invitado privilegiado capaz de pasar descriptores con una longitud no válida hacia el host cuando la migración está en marcha, podría usar este fallo para aumentar sus privilegios sobre el host. A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2019-16239
https://notcve.org/view.php?id=CVE-2019-16239
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. La función process_http_response en OpenConnect versiones anteriores a 8.05, presenta un desbordamiento de búfer cuando un servidor malicioso utiliza la codificación fragmentada HTTP con tamaños de fragmento especialmente diseñados. • http://lists.infradead.org/pipermail/openconnect-devel/2019-September/005412.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00061.html https://lists.debian.org/debian-lts-announce/2019/10/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX56KYWC7X4ETV4P6HGJC7GZUEBITBBS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDMZGNBLZZKAGB • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-16378
https://notcve.org/view.php?id=CVE-2019-16378
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. OpenDMARC versiones hasta 1.3.2 y versiones 1.4.x hasta 1.4.0-Beta1, es propenso a una vulnerabilidad de omisión de firma con múltiples direcciones From: que podrían afectar aplicaciones que consideran que un nombre de dominio es relevante para el origen de un mensaje de correo electrónico . • http://www.openwall.com/lists/oss-security/2019/09/17/2 https://bugs.debian.org/940081 https://github.com/trusteddomainproject/OpenDMARC/pull/48 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEWDFGRKQHIWKFZH5BNWQDGUPNR7VH3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUBIHJLMPMB6KHOSGDMUQKSAW4HOCYM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y7RT6ID7MBCEPNZEIUKK2TZIOCYPJR6E https://seclists& • CWE-290: Authentication Bypass by Spoofing •