CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2019-13619
https://notcve.org/view.php?id=CVE-2019-13619
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. En Wireshark versiones 3.0.0 hasta 3.0.2, versiones 2.6.0 hasta 2.6.9 y versiones 2.4.0 hasta 2.4.15, el disector ASN.1 BER y los disectores relacionados podrían bloquearse. Esto se abordó en el archivo epan/asn1.c mediante la restricción apropiada de los incrementos del búfer. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/109293 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=7e90aed666e809c0db5de9d1816802a7dcea28d9 https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 1CVE-2019-9849 – libreoffice: Remote resources protection module not applied to bullet graphics
https://notcve.org/view.php?id=CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. LibreOffice presenta un "stealth mode" en el que solo los documentos desde ubicaciones consideradas "trusted" pueden recuperar recursos remotos. • https://github.com/mbadanoiu/CVE-2019-9849 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html http://www.securityfocus.com/bid/109374 https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 17%CPEs: 9EXPL: 0CVE-2019-9848 – libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands
https://notcve.org/view.php?id=CVE-2019-9848
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html http://www.securityfocus.com/bid/109374 https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP https://seclists.org&#x • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-10191
https://notcve.org/view.php?id=CVE-2019-10191
A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol. Se detectó una vulnerabilidad en la resolución de DNS de knot resolver anteriores a la versión 4.1.0, que permite a los atacantes remotos degradar los dominios seguros de DNSSEC a un estado no seguro de DNSSEC, abriendo la posibilidad de un secuestro de dominio mediante el uso de ataques contra el protocolo DNS no seguro. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10191 https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMSSWBHINIX4WE6UDXWM66L7JYEK6XS6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZV5YZZ5766UIG2TFLFJL6EESQNAP5X5 https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-10190
https://notcve.org/view.php?id=CVE-2019-10190
A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191. Se detectó una vulnerabilidad en el componente de resolución de DNS de knot resolver hasta la versión 3.2.0 anterior a 4.1.0, que permite a los atacantes remotos omitir la comprobación DNSSEC para una respuesta de no existencia. La respuesta NXDOMAIN se pasaría hacia el cliente incluso si fallara la comprobación DNSSEC, en lugar de enviar un paquete SERVFAIL. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10190 https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMSSWBHINIX4WE6UDXWM66L7JYEK6XS6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZV5YZZ5766UIG2TFLFJL6EESQNAP5X5 https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html • CWE-20: Improper Input Validation •