Log

CVE-2018-10851 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in PowerDNS Authoritative Server before 4.1.5 and PowerDNS Recursor before 4.1.5. Some memory is allocated before a record is parsed and is not always released when the record turns out to be malformed, so repeated malformed records exhaust memory.
+ In the authoritative server case, it allows an authorized user to cause a memory leak by inserting a specially crafted record in a zone under their control, then sending a DNS query for that record. In the case of the recursor, it allows a malicious authoritative server to cause a memory leak by sending specially crafted records.
References
+ https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html
+ https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html
Notes
CVE-2018-10857 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary filesystem access
Description
+ Some uses of git-annex were vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.
References
+ https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
+ https://git.joeyh.name/index.cgi/git-annex.git/commit/?id=b54b2cdc0ef1373fc200c0d28fded3c04fd57212
Notes
CVE-2018-10859 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex.
References
+ https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
Notes
CVE-2018-10895 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings such as 'editor.command' (the command qutebrowser spawns when the user opens the external editor), this could allow a website to execute arbitrary code.
References
+ https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660
+ https://github.com/qutebrowser/qutebrowser/issues/4060
Notes
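The settings endpoint described above, modelled as an added example (this is not qutebrowser's code): a handler for an internal settings-change URL, first honouring any request that reaches it, then requiring a per-page secret token that a third-party site cannot know. The URL shape qute://settings/set?option=...&value=..., the 'token' parameter name and the default editor command are assumptions made for the illustration.

```python
"""Added example, not qutebrowser code: an internal settings endpoint reachable
by URL, before and after it demands a per-page CSRF token.  The URL shape
qute://settings/set?option=...&value=... and the 'token' parameter name are
assumptions for the illustration."""
import secrets
from urllib.parse import urlsplit, parse_qs, urlencode

ENDPOINT = ("qute", "settings", "/set")   # (scheme, host, path) being guarded


def build_set_url(option, value, token=None):
    """Build the settings-change URL a page (or the settings UI) would request."""
    query = {"option": option, "value": value}
    if token is not None:
        query["token"] = token
    return "qute://settings/set?" + urlencode(query)


def _parse(url):
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return (parts.scheme, parts.netloc, parts.path), query


class SettingsPage:
    def __init__(self):
        self.settings = {"editor.command": "vim {file}"}   # constructed default
        # Minted when the legitimate settings page is rendered; a third-party
        # site never sees it, so it cannot forge a valid request.
        self._token = secrets.token_urlsafe(32)

    def render_token(self):
        """What the legitimate settings page embeds in its own requests."""
        return self._token

    def set_vulnerable(self, url):
        """Pre-fix shape: any request reaching the endpoint is honoured, whether
        it came from the settings UI or from an arbitrary web page."""
        target, q = _parse(url)
        if target != ENDPOINT or "option" not in q or "value" not in q:
            return False
        self.settings[q["option"]] = q["value"]
        return True

    def set_hardened(self, url):
        """Fixed shape: the request must carry the secret token (compared in
        constant time); a cross-site request cannot supply it."""
        target, q = _parse(url)
        if target != ENDPOINT or "option" not in q or "value" not in q:
            return False
        supplied = q.get("token", "").encode()
        if not secrets.compare_digest(supplied, self._token.encode()):
            return False
        self.settings[q["option"]] = q["value"]
        return True


if __name__ == "__main__":
    page = SettingsPage()
    forged = build_set_url("editor.command", "/tmp/attacker-script {file}")
    print("vulnerable accepted forged request:", page.set_vulnerable(forged))
    page = SettingsPage()
    print("hardened accepted forged request:", page.set_hardened(forged))
    legit = build_set_url("editor.command", "emacs {file}", token=page.render_token())
    print("hardened accepted legitimate request:", page.set_hardened(legit))
```

The token only defends the endpoint if it is never leaked to content loaded from the web; it belongs in the settings page's own markup, not in a URL a site could read back.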
CVE-2018-10900 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ When initiating a VPNC connection, NetworkManager (through the NetworkManager-vpnc plugin) spawns a new vpnc process, running as root, and passes the configuration to it via stdin as one "Name value" directive per line. By injecting a newline (\n) character into a configuration parameter, an attacker can append a directive of their own and coerce NetworkManager into setting vpnc's "Password helper" option to an attacker-controlled executable, which vpnc then runs.
References
+ https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4
+ https://download.gnome.org/sources/NetworkManager-vpnc/1.2/NetworkManager-vpnc-1.2.6.news
+ https://marc.info/?l=oss-security&m=153207963021874
Notes
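The injection described above, as an added example (not NetworkManager-vpnc's code): a serializer that writes the "Name value" lines vpnc reads from stdin, a toy model of how vpnc parses them, and the input check that stops a value from becoming a second directive. The vpnc option names are the real ones; every value, the helper path and the attacker's payload are constructed for the illustration.

```python
"""Added example, not NetworkManager-vpnc code: how a newline inside one
configuration value turns into a second directive in the stream handed to
vpnc on stdin, and the input check that stops it."""

# vpnc option names below are real (see vpnc(8)); all values are constructed.
KNOWN_OPTIONS = [
    "IPSec gateway", "IPSec ID", "IPSec secret",
    "Xauth username", "Xauth password", "Password helper",
]

BASE_CONFIG = {
    "IPSec gateway": "vpn.example.com",
    "IPSec ID": "corp",
    "IPSec secret": "groupsecret",
    "Xauth username": "alice",
}


def attacker_config(helper_path):
    """Attacker-controlled parameter: a username carrying an embedded line
    break followed by a Password helper directive (hypothetical payload)."""
    cfg = dict(BASE_CONFIG)
    cfg["Xauth username"] = f"alice\nPassword helper {helper_path}"
    return cfg


def serialize_vulnerable(params):
    """Pre-fix shape: emit 'Name value' lines, trusting every value."""
    return "".join(f"{name} {value}\n" for name, value in params.items())


def serialize_hardened(params):
    """Fixed shape: refuse any name or value containing a line break or NUL,
    so no value can ever be read back as a separate directive."""
    for name, value in params.items():
        if any(c in name or c in value for c in "\r\n\0"):
            raise ValueError(f"control character in option {name!r}")
    return serialize_vulnerable(params)


def parse_vpnc_config(text):
    """Toy model of how vpnc reads its stdin config: each line starts with a
    known option name, the remainder is the value.  Unknown lines are ignored."""
    opts = {}
    for line in text.splitlines():
        for name in KNOWN_OPTIONS:
            if line.startswith(name + " "):
                opts[name] = line[len(name) + 1:]
                break
    return opts


if __name__ == "__main__":
    evil = attacker_config("/tmp/evil-helper")
    parsed = parse_vpnc_config(serialize_vulnerable(evil))
    print("vpnc would run:", parsed.get("Password helper"))
    try:
        serialize_hardened(evil)
    except ValueError as err:
        print("hardened serializer rejected it:", err)
```

The same rule applies to any "one directive per line" protocol spoken over a pipe: validate at the point where untrusted data is turned into lines, not in the consumer.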
CVE-2018-10933 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Authentication bypass
Description
+ An authentication bypass vulnerability has been discovered in libssh versions prior to 0.7.6 and 0.8.4, in the server-side state machine. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials, resulting in unauthorized access.
References
+ https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
+ https://www.libssh.org/security/advisories/CVE-2018-10933.txt
+ https://git.libssh.org/projects/libssh.git/commit/?id=2bddafeb709eacc80ad31fec40479f9b628a8bd7
+ https://git.libssh.org/projects/libssh.git/commit/?id=825f4ba96407abe8cebb046a7503fa2bf5de9df6
+ https://git.libssh.org/projects/libssh.git/commit/?id=20981bf2296202e95d7919394d4610ae3a876cfa
+ https://git.libssh.org/projects/libssh.git/commit/?id=5d7414467d6dac100a93df761b06de5cd07fc69a
+ https://git.libssh.org/projects/libssh.git/commit/?id=459868c4a57d2d11cf7835655a8d1a5cf034ccb4
+ https://git.libssh.org/projects/libssh.git/commit/?id=68b0c7a93448123cc0d6a04d3df40d92a3fd0a67
+ https://git.libssh.org/projects/libssh.git/commit/?id=75be012b4a14f4550ce6ad3f126e559f44dbde76
+ https://git.libssh.org/projects/libssh.git/commit/?id=e1548a71bdac73da084174ab1d6d2713edd93f6e
Notes
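The exchange described above, modelled as an added example (this is not libssh's code): a toy server-side user-authentication state machine using the RFC 4252 message numbers. The root cause in libssh was that the handler for SSH2_MSG_USERAUTH_SUCCESS, which a client uses to process the server's verdict, was also reachable while acting as a server; the hardened dispatcher below only accepts client-to-server message numbers that are legal in the current state. The credential store is constructed for the illustration.

```python
"""Toy model of the server side of SSH user authentication (RFC 4252).

Added example, not libssh code.  It contrasts a dispatcher that acts on any
message number the peer sends with one that enforces message direction and
authentication state."""
from dataclasses import dataclass

# Message numbers from RFC 4252 (real protocol constants).
SSH2_MSG_USERAUTH_REQUEST = 50   # client -> server
SSH2_MSG_USERAUTH_FAILURE = 51   # server -> client
SSH2_MSG_USERAUTH_SUCCESS = 52   # server -> client

# Constructed credential store for the example.
PASSWORDS = {"alice": "correct horse battery staple"}


class ProtocolError(Exception):
    pass


@dataclass
class Session:
    authenticated: bool = False
    user: str = ""


def _handle_userauth_request(session, payload):
    """Check a (user, password) pair and answer with SUCCESS or FAILURE."""
    user, password = payload
    if PASSWORDS.get(user) == password:
        session.authenticated = True
        session.user = user
        return SSH2_MSG_USERAUTH_SUCCESS
    return SSH2_MSG_USERAUTH_FAILURE


def vulnerable_dispatch(session, msg_type, payload=None):
    """Pre-fix shape of the bug: the handler table is keyed on message number
    alone, so a USERAUTH_SUCCESS *received from the client* is processed as if
    the local side had just granted access."""
    if msg_type == SSH2_MSG_USERAUTH_REQUEST:
        return _handle_userauth_request(session, payload)
    if msg_type == SSH2_MSG_USERAUTH_SUCCESS:
        session.authenticated = True          # no credentials were checked
        return SSH2_MSG_USERAUTH_SUCCESS
    raise ProtocolError(f"unknown message {msg_type}")


def hardened_dispatch(session, msg_type, payload=None):
    """Fixed shape: only client->server numbers legal in the current state are
    accepted.  USERAUTH_SUCCESS is server->client, so it is never allowed."""
    allowed = set() if session.authenticated else {SSH2_MSG_USERAUTH_REQUEST}
    if msg_type not in allowed:
        raise ProtocolError(f"message {msg_type} not allowed in current state")
    return _handle_userauth_request(session, payload)


def run_bypass(dispatch):
    """Replay the CVE-2018-10933 exchange against a dispatcher and report
    whether the session ended up authenticated without any credentials."""
    session = Session()
    try:
        dispatch(session, SSH2_MSG_USERAUTH_SUCCESS)
    except ProtocolError:
        pass
    return session.authenticated


if __name__ == "__main__":
    print("vulnerable dispatcher bypassed:", run_bypass(vulnerable_dispatch))
    print("hardened dispatcher bypassed:  ", run_bypass(hardened_dispatch))
```

The general lesson is that a protocol handler must reject, not ignore, messages that are only valid in the opposite direction or in another state; an explicit allow-list per state is the simplest way to make that property reviewable.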
CVE-2018-10963 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF before 4.0.10 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file.
References
+ http://bugzilla.maptools.org/show_bug.cgi?id=2795
+ https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9
Notes
+ A different vulnerability from CVE-2017-13726.
CVE-2018-1100 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ A stack-based buffer overflow has been found in zsh <= 5.4.2, in the checkmailpath() function, where unchecked strings from the MAILCHECK variable are copied to a buffer. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom "you have new mail" message, leads to code execution in the context of the user who receives the message. If the user affected is privileged, this leads to privilege escalation.
References
+ https://www.zsh.org/mla/workers/2018/msg00411.html
+ https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
Notes
CVE-2018-1120 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ A denial of service has been found in Linux <= 4.16.9. An attacker can block any read() access to /proc/PID/cmdline by mmap()ing a FUSE file (Filesystem in Userspace) onto this process's command-line arguments: the kernel must fault in the FUSE-backed page to serve the read, and the attacker's FUSE daemon can stall that fault indefinitely. The attacker can therefore block pgrep, pidof, pkill, ps, and w, either forever (a denial of service), or for some controlled time (a synchronization tool for exploiting other vulnerabilities).
References
+ https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830
Notes
+ Fixed in Linux v4.17.
CVE-2018-1121 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Content spoofing
Description
+ A security issue has been found in Linux <= 4.16.9, where an unprivileged attacker can hide a process from procps-ng's utilities by exploiting either a denial of service (a rather noisy method) or a race condition inherent in reading /proc/PID entries (a stealthier method).
References
+ https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
Notes