CVSS: 9.8EPSS: 11%CPEs: 4EXPL: 1CVE-2019-14532
https://notcve.org/view.php?id=CVE-2019-14532
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table. Se detectó un problema en The Sleuth Kit (TSK) versión 4.6.6. Se presenta una sobrescritura por un paso debido a un subdesbordamiento en el archivo tools/hashtools/hfind.cpp al usar una tabla hash falsa. • https://github.com/sleuthkit/sleuthkit/issues/1575 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5EY53OYU7UZLAJWNIVVNR3EX2RNCCFTB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQR2QY3IAF2IG6HGBSKGL66VUDOTC3OA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFQKIE5U3LS5U7POPGS7YHLUSW2URWGJ • CWE-193: Off-by-one Error •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-14234 – Django: SQL injection possibility in key and index lookups for JSONField/HStoreField
https://notcve.org/view.php?id=CVE-2019-14234
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. Se detectó un problema en Django versiones 1.11.x anteriores a 1.11.23, versiones 2.1.x anteriores a 2.1.11 y versiones 2.2.x anteriores a 2.2.4. Debido a un error en la transformación de clave superficial, las búsquedas de clave e índice para django.contrib.postgres.fields.JSONField, y las búsquedas de clave para django.contrib.postgres.fields.HStoreField, estaban sujetas a una inyección SQL. • https://github.com/malvika-thakur/CVE-2019-14234 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html https://docs.djangoproject.com/en/dev/releases/security https://groups.google.com/forum/#%21topic/django-announce/jIoju2-KLDs https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STVX7X7IDWAH5SKE6MBMY3TEI6ZODBTK https://seclists.org/bugtraq/2019/Aug/15 https://security.gentoo.org/glsa/202004-17 https://security.netapp.com/advisory/ntap- • CWE-20: Improper Input Validation CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 1CVE-2019-14494 – poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc
https://notcve.org/view.php?id=CVE-2019-14494
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. Se detectó un problema en Poppler hasta versión 0.78.0. Se presenta un error de división por cero en la función SplashOutputDev::tilingPatternFill en el archivo SplashOutputDev.cc. A divide-by-zero error was found in the way Poppler handled certain PDF files. • https://gitlab.freedesktop.org/poppler/poppler/issues/802 https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317 https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AHYAM32PALHQXL3O4DKIJ3EJB6AKBOVC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLAQBLBIIL3A5XZQYR4MG3Z4LIPIC42P https://usn.ubuntu • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-14464
https://notcve.org/view.php?id=CVE-2019-14464
XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow. XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 tiene un desbordamiento en el heap-bsed. • https://github.com/milkytracker/MilkyTracker/issues/184 https://lists.debian.org/debian-lts-announce/2019/10/msg00029.html https://lists.debian.org/debian-lts-announce/2020/07/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXYRVXOPO223DAUJHFQCTKQHIZ6XN35P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HBIIPS2CDMUXJ3CIEPKMEY3D73UZDR3T https://usn.ubuntu.com/4499-1 • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14463
https://notcve.org/view.php?id=CVE-2019-14463
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_REGISTERS case, aka VD-1301. Se descubrió un problema en LIbmodbus anterior a 3.0.7 y 3.1 x anterior a 3.1.5. hay una lectura fuera de límites para el caso MODBUS_FC_WRITE_MULTIPLE_REGISTERS, también conocido como VD_-1301 • https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc https://libmodbus.org/2019/stable-and-development-releases https://lists.debian.org/debian-lts-announce/2021/11/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAGHQFJTJCMYHW553OUWJ3YIJR6PJHB7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRAQZXGAZY6UGWZ6CD33QEFLL7AWW233 • CWE-125: Out-of-bounds Read •