Log

CVE-2018-8905 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ In LibTIFF before 4.0.10, a heap-based buffer overflow (out-of-bounds write) occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by the tiff2ps tool.
References
+ http://bugzilla.maptools.org/show_bug.cgi?id=2780
+ https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
Notes
CVE-2018-9234 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Insufficient validation
Description
+ When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present.
References
+ https://bugs.archlinux.org/task/58120
+ https://dev.gnupg.org/T3844
+ https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657
Notes
CVE-2018-9251 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A security issue has been found in libxml2 <= 2.9.8 compiled with LZMA support enabled, in the xz_decomp function in xzlib.c. This flaw allows a remote attacker to cause a denial of service via an infinite loop, using a crafted XML payload that triggers LZMA_MEMLIMIT_ERROR.
References
+ https://bugzilla.gnome.org/show_bug.cgi?id=794914
+ https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
Notes
CVE-2018-9846 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary command execution
Description
+ In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.
References
+ https://github.com/roundcube/roundcubemail/issues/6229
+ https://github.com/roundcube/roundcubemail/issues/6238
+ https://medium.com/@ndrbasi/cve-2018-9846-roundcube-303097048b0a
+ https://roundcube.net/news/2018/04/11/security-update-1.3.6
Notes
CVE-2019-0053 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ inetutils <= 1.9.7 contains a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. A stack-based overflow is present in the handling of environment variables when connecting telnet.c to remote telnet servers through oversized DISPLAY arguments.
References
+ https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/inetutils-telnet.txt
Notes
CVE-2019-0190 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can only be triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.
References
+ https://httpd.apache.org/security/vulnerabilities_24.html#2.4.38
Notes
CVE-2019-0196 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A use-after-free issue has been found in the http/2 request handling code of Apache HTTPd <= 2.4.18 and <= 2.4.38. Using crafted network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
References
+ https://httpd.apache.org/security/vulnerabilities_24.html
Notes
CVE-2019-0197 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in Apache HTTPd >= 2.4.34 and <= 2.4.38. When HTTP/2 was enabled for an http: host or H2Upgrade was enabled for h2 on an https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol, or that only enabled it for https: and did not configure "H2Upgrade on", is unaffected by this.
References
+ https://httpd.apache.org/security/vulnerabilities_24.html
Notes
CVE-2019-0203 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ A null-pointer-dereference has been found in svnserve that results in a remote unauthenticated Denial-of-Service in some server configurations. The vulnerability can be triggered by an unauthenticated user if the server is configured with anonymous access enabled.
References
+ http://subversion.apache.org/security/CVE-2019-0203-advisory.txt
Notes
+ The problem originates in opening a new connection to svnserve. On failure to find the specified repository or to be authorized to access it, svnserve logs and reports the error, but also keeps the connection open despite its incomplete initialization. If the client sends any further command on the same connection, then a null-pointer-dereference occurs in svnserve.
CVE-2019-0211 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Privilege escalation
Description
+ In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
References
+ https://httpd.apache.org/security/vulnerabilities_24.html
Notes