CVE-2019-3955
published 2019-06-07
Priority P353 high 7.5 CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 19.13% (97.0th percentile)
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote heap overflow because the server does not properly validate RsaPubKeyLen during key negotiation. An unauthenticated remote attacker can cause a heap buffer overflow by specifying a large RsaPubKeyLen, which could cause a denial of service.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dameware | remote_mini_control | <= 12.1.0.34 | — |
CVSS provenance
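| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |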
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-13724 [HIGH] chromium-browser: out-of-bounds access in bluetooth
bugzilla·2019-11-21·CVSS 8.8
Out-of-bounds access in Bluetooth.
References:
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html
https://bugs.chromium.org/p/chromium/issues/detail?id=1024116
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1775352]
Affects: fedora-all [bug 1775353]
---
Upstream commit for blink/chromium:
https://chromium.googlesource.com/chromium/src.git/+/2211f99710a932ac0c2333af213f21fdc66b8f36
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:3955 https://access.redhat.com/errata/RHSA-2019:3955
---
This bug is now closed. Further updates for individual products will be reflected on the CVE
Bugzilla
CVE-2019-13723 [HIGH] chromium-browser: use-after-free in bluetooth
bugzilla·2019-11-21·CVSS 8.8
Use-after-free in Bluetooth.
References:
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html
https://bugs.chromium.org/p/chromium/issues/detail?id=1024121
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1775341]
Affects: fedora-all [bug 1775342]
---
Upstream patch for blink/chromium:
https://chromium.googlesource.com/chromium/src.git/+/471ac08ef7cd7e66765829550fa232ca0062f34c
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:3955 https://access.redhat.com/errata/RHSA-2019:3955
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
http