CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14462
https://notcve.org/view.php?id=CVE-2019-14462
An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1.5. There is an out-of-bounds read for the MODBUS_FC_WRITE_MULTIPLE_COILS case, aka VD-1302. Un problema fue descubierto en LIbmodbus anterior a 3.0.7 y 3.1 x anterior a 3.1.5. hay lectura fuera de límites para el caso MODBUS_FC_WRITE_MULTIPLE_COILS , también conocido como VD-1302 • https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc https://libmodbus.org/2019/stable-and-development-releases https://lists.debian.org/debian-lts-announce/2021/11/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAGHQFJTJCMYHW553OUWJ3YIJR6PJHB7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRAQZXGAZY6UGWZ6CD33QEFLL7AWW233 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1CVE-2019-14459
https://notcve.org/view.php?id=CVE-2019-14459
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). nfdump 1.6.17 y versiones anteriores se ven afectadas por un desbordamiento de enteros en la función Process_ipfix_template_withdraw en ipfix.c que se puede abusar para bloquear el proceso de forma remota (denegación de servicio). • https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b https://github.com/phaag/nfdump/issues/171 https://lists.debian.org/debian-lts-announce/2020/09/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULSZMKA7P7REJMANVL7D6WMZ2L7IRSET https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTONOGJU5FSMFNRCT6OHXYUMDRKH4RPA https://security.gentoo.org/glsa/202003-17 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 1CVE-2019-14439 – jackson-databind: Polymorphic typing issue related to logback/JNDI
https://notcve.org/view.php?id=CVE-2019-14439
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. Se detectó un problema de escritura polimórfica en jackson-databind de FasterXML versiones 2.x anteriores a 2.9.9.2. Esto ocurre cuando la Escritura Predeterminada está habilitada (globalmente o para una propiedad específica) para un endpoint JSON expuesto externamente y el servicio tiene el jar de logback en el classpath. • https://github.com/jas502n/CVE-2019-14439 https://access.redhat.com/errata/RHSA-2019:3200 https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2 https://github.com/FasterXML/jackson-databind/issues/2389 https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E https://lists.apache.org/thread.html/2d2a76440becb610b9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 1%CPEs: 61EXPL: 0CVE-2019-14379 – jackson-databind: default typing mishandling leading to remote code execution
https://notcve.org/view.php?id=CVE-2019-14379
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. El archivo SubTypeValidator.java en jackson-databind de FasterXML en versiones anteriores a la 2.9.9.2 maneja inapropiadamente la escritura predeterminada cuando se usa ehcache (debido a net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), lo que conlleva a la ejecución de código remoto. A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code. • http://seclists.org/fulldisclosure/2022/Mar/23 https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHSA-2019:2743 https://access.redhat.com/errata/RHSA-2019:2858 https://access.redhat.com/errata/RHSA-2019:2935 https://access.redhat.com/errata/RHSA-2019:2936 https://access.redhat.com/errata/RHSA-2019:2937 https://access.redhat.com/errata/RHSA-2019:2938 https://access.redhat.com/errata/RHSA-2019:2998 https://access.redhat.com/errata/RHSA-2 • CWE-502: Deserialization of Untrusted Data CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2019-14267 – pdfresurrect 0.15 - Buffer Overflow
https://notcve.org/view.php?id=CVE-2019-14267
PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled. PDFResurrect versión 0.15, presenta un desbordamiento de búfer por medio de un archivo PDF especialmente diseñado debido a que los datos asociados con startxref y %%EOF se manejan inapropiadamente. pdfresurrect version 0.15 suffers from a buffer overflow vulnerability. • https://www.exploit-db.com/exploits/47178 http://packetstormsecurity.com/files/153767/pdfresurrect-0.15-Buffer-Overflow.html https://github.com/enferex/pdfresurrect/commits/master https://github.com/snappyJack/pdfresurrect_CVE-2019-14267 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DBYXYU2VSDJ3NAL54IW2KYD3TZSR33M https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXN6W5QTNQJ2LFDCQWKYSMMZ3NPUWP3U https://lists.fedoraproject.org/archives/list/pa • CWE-787: Out-of-bounds Write •