Log

CVE-2019-6109 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Content spoofing
Description
+ An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-the-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
References
+ https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
+ https://github.com/openssh/openssh-portable/commit/8976f1c4b2721c26e878151f52bdf346dfe2d54c
Notes
CVE-2019-6111 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Arbitrary file overwrite
Description
+ An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-the-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
References
+ https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
+ https://github.com/openssh/openssh-portable/commit/391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
Notes
CVE-2019-6116 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Sandbox escape
Description
+ It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system and execute commands.
References
+ https://marc.info/?l=oss-security&m=154825433813390
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2
+ https://bugs.ghostscript.com/show_bug.cgi?id=700317
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9
Notes
CVE-2019-6128 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
References
+ https://gitlab.com/libtiff/libtiff/commit/ae0bed1fe530a82faf2e9ea1775109dbf301a971
Notes
CVE-2019-6133 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Authentication bypass
Description
+ In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
References
+ https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81#0cf68d1183ea5299db7cd71b8377fa3d29e1a63e
Notes
CVE-2019-6212 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Multiple memory corruption issues have been found in WebKitGTK+ before 2.22.6, where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2019-0001.html#CVE-2019-6212
Notes
CVE-2019-6215 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A type confusion issue has been found in WebKitGTK+ before 2.22.6, where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2019-0001.html#CVE-2019-6215
Notes
CVE-2019-6251 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Content spoofing
Description
+ embed/ephy-web-view.c in GNOME Web (aka Epiphany) through 3.31.4 allows address bar spoofing because a page load triggered by JavaScript leads to updating an address as if it were triggered by a safer visit type (e.g., VISIT_LINK, VISIT_TYPED, VISIT_BOOKMARK, or VISIT_HOMEPAGE). This is similar to the CVE-2018-8383 issue in Microsoft Edge.
References
+ https://gitlab.gnome.org/GNOME/epiphany/issues/532
Notes
CVE-2019-6290 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted asm file.
References
+ https://bugzilla.nasm.us/show_bug.cgi?id=3392548
Notes
CVE-2019-6291 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted asm file.
References
+ https://bugzilla.nasm.us/show_bug.cgi?id=3392549
Notes