Log

CVE-2019-5862 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ An issue with AppCache not being robust to compromised renderers has been found in Chromium before 76.0.3809.87.
References
+ https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
+ https://crbug.com/946260
Notes
CVE-2019-5864 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ An insufficient port filtering in CORS for extensions issue has been found in Chromium before 76.0.3809.87.
References
+ https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
+ https://crbug.com/936900
Notes
CVE-2019-5865 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ A site isolation bypass from a compromised renderer has been found in Chromium before 76.0.3809.87.
References
+ https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
+ https://crbug.com/973103
Notes
CVE-2019-5867 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An out-of-bounds read has been found in the V8 component of the chromium browser before 76.0.3809.100.
References
+ https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop.html
+ https://crbug.com/984344
Notes
CVE-2019-5868 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free issue has been found in PDFium's ExecuteFieldAction, in the chromium browser before 76.0.3809.100.
References
+ https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop.html
+ https://crbug.com/983867
Notes
CVE-2019-5882 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ A use-after-free vulnerability has been found in irssi before 1.1.2, when hidden lines were expired from the scroll buffer.
References
+ https://marc.info/?l=oss-security&m=154711952322177
+ https://irssi.org/security/irssi_sa_2019_01.txt
+ https://github.com/irssi/irssi/pull/948
Notes
+ Apparently fixed in PR 948, not sure why 919 is referenced here? Fixed
+
+ Note that this bug will never be triggered if lines are never hidden (no usage of /window hidelevel).
CVE-2019-5885 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Private key recovery
Description
+ matrix-synapse before 0.34.1 is vulnerable to private key recovery as synapse will attempt to derive a secret key from other secrets specified in the configuration file for "macaroon_secret_key". However, in all versions of Synapse up to and including 0.34.0, this process was faulty and a predictable value was used instead.
References
+ https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
Notes
CVE-2019-6109 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Content spoofing
Description
+ An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
References
+ https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
+ https://github.com/openssh/openssh-portable/commit/8976f1c4b2721c26e878151f52bdf346dfe2d54c
Notes
CVE-2019-6111 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Arbitrary file overwrite
Description
+ An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
References
+ https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
+ https://github.com/openssh/openssh-portable/commit/391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
Notes
CVE-2019-6116 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Sandbox escape
Description
+ It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system and execute commands.
References
+ https://marc.info/?l=oss-security&m=154825433813390
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2
+ https://bugs.ghostscript.com/show_bug.cgi?id=700317
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9
Notes