CVSS: 8.8EPSS: 3%CPEs: 13EXPL: 1CVE-2019-13729 – chromium-browser: Use after free in WebSockets
https://notcve.org/view.php?id=CVE-2019-13729
10 Dec 2019 — Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en WebSockets en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version ... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 6%CPEs: 13EXPL: 0CVE-2019-13726 – chromium-browser: Heap buffer overflow in password manager
https://notcve.org/view.php?id=CVE-2019-13726
10 Dec 2019 — Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Un desbordamiento de búfer en password manager en Google Chrome versiones anteriores a la verisón 79.0.3945.79, permitió a un atacante remoto ejecutar código arbitrario por medio de una página HTML especialmente diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.79. Issues addressed include... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 13EXPL: 0CVE-2019-13727 – chromium-browser: Insufficient policy enforcement in WebSockets
https://notcve.org/view.php?id=CVE-2019-13727
10 Dec 2019 — Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Una aplicación de política insuficiente en WebSockets en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto omitir la política del mismo origen por medio de una página HTML especialmente diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html • CWE-281: Improper Preservation of Permissions •
CVSS: 9.6EPSS: 7%CPEs: 13EXPL: 0CVE-2019-13725 – chromium-browser: Use after free in Bluetooth
https://notcve.org/view.php?id=CVE-2019-13725
10 Dec 2019 — Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Un uso de la memoria previamente liberada en Bluetooth en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto ejecutar código arbitrario por medio de una página HTML especialmente diseñada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.79. Issues addressed include... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 87%CPEs: 260EXPL: 2CVE-2019-5544 – VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2019-5544
06 Dec 2019 — OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. OpenSLP, como es usado en ESXi y los dispositivos Horizon DaaS, presenta un problema de sobrescritura de la pila. VMware ha evaluado la gravedad de este problema para estar en el rango de gravedad Crítica con una puntuación base máxima CVSSv3 de 9.8. A heap overflow vulnerability was found in OpenSLP.... • https://github.com/HynekPetrak/CVE-2019-5544_CVE-2020-3992 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 7EXPL: 0CVE-2019-13723 – chromium-browser: use-after-free in bluetooth
https://notcve.org/view.php?id=CVE-2019-13723
25 Nov 2019 — Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en WebBluetooth en Google Chrome versiones anteriores a 78.0.3904.108, permitió a un atacante remoto, que había comprometido el proceso del renderizador, explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. Chromium is an open-sourc... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2012-6136
https://notcve.org/view.php?id=CVE-2012-6136
20 Nov 2019 — tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. tuned versión 2.10.0 crea su archivo PID con permisos no seguros lo que permite a usuarios locales eliminar procesos arbitrarios. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136 • CWE-276: Incorrect Default Permissions •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2019-17631 – JDK: Unrestricted access to diagnostic operations
https://notcve.org/view.php?id=CVE-2019-17631
17 Oct 2019 — From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. Eclipse OpenJ9 desde las versiones 0.15 hasta 0.16, se accede a operaciones de diagnóstico tales como causar un GC o crear un archivo de diagnóstico sin ninguna comprobación de privilegios. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6. I... • https://access.redhat.com/errata/RHSA-2019:4113 • CWE-269: Improper Privilege Management CWE-285: Improper Authorization •
CVSS: 4.2EPSS: 2%CPEs: 19EXPL: 0CVE-2019-2996 – JDK: unspecified vulnerability fixed in 8u221 (Deployment)
https://notcve.org/view.php?id=CVE-2019-2996
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete acc... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0CVE-2019-2962 – OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690)
https://notcve.org/view.php?id=CVE-2019-2962
16 Oct 2019 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html • CWE-476: NULL Pointer Dereference •