Log

CVE-2019-11752 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ In Firefox before 69.0, it is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11752
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1501152
Notes
CVE-2019-12209 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
+ A symbolic link attack has been found in pam-u2f before 1.8.0. The file `$HOME/.config/Yubico/u2f_keys` is blindly followed by the PAM module. It can be a symlink pointing to an arbitrary file. The PAM module only rejects non-regular files and files owned by other users than root or the to-be-authenticated user. Even these checks are only made after open()'ing the file, which may already trigger certain logic in the kernel that is otherwise not reachable to regular users.
+
+ If the PAM module's `debug` option is also enabled then most of the content of the file is written either to stdout, stderr, syslog or to the defined debug file. Therefore this can pose an information leak to access e.g. the contents of /etc/shadow, /root/.bash_history or similar sensitive files. Furthermore the symlink attack can be used to use other users' u2f_keys files in the authentication process.
References
+ https://seclists.org/oss-sec/2019/q2/149
+ https://github.com/Yubico/pam-u2f/commit/7db3386fcdb454e33a3ea30dcfb8e8960d4c3aa3
Notes
CVE-2019-12210 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
+ A file descriptor leak has been found in pam-u2f before 1.8.0. If the `debug` and `debug_file` options are set then the opened debug file will be inherited by the successfully authenticated user's process. Therefore this user can write further information to it, possibly filling up a privileged file system or manipulating the information found in the debug file.
+ This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.
References
+ https://seclists.org/oss-sec/2019/q2/149
+ https://github.com/Yubico/pam-u2f/commit/18b1914e32b74ff52000f10e97067e841e5fff62
Notes
CVE-2019-12308 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Cross-site scripting
Description
+ The clickable "Current URL" link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in a clickable JavaScript link.
+
+ AdminURLFieldWidget now validates the provided value using URLValidator before displaying the clickable link. You may customise the validator by passing a validator_class kwarg to AdminURLFieldWidget.__init__(), e.g. when using ModelAdmin.formfield_overrides.
References
+ https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673
+ https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b
Notes
CVE-2019-12447 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Privilege escalation
Description
+ An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
References
+ https://gitlab.gnome.org/GNOME/gvfs/commit/daf1163aba229afcfddf0f925aef7e97047e8959
+ https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d
Notes
CVE-2019-12448 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Privilege escalation
Description
+ An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
References
+ https://gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e
Notes
CVE-2019-12449 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Privilege escalation
Description
+ An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
References
+ https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90
+ https://www.openwall.com/lists/oss-security/2019/07/09/3
Notes
CVE-2019-12527 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Due to incorrect buffer management, Squid versions prior to 4.8 are vulnerable to a heap overflow and possible remote code execution attack when processing HTTP Authentication credentials.
References
+ http://www.squid-cache.org/Advisories/SQUID-2019_5.txt
+ http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch
Notes
CVE-2019-12735 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
References
+ https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
Notes
CVE-2019-12749 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Access restriction bypass
Description
+ It has been discovered that dbus before 1.12.16 allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. This issue only affects the DBUS_COOKIE_SHA1 authentication mechanism.
+ A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.
References
+ https://www.openwall.com/lists/oss-security/2019/06/11/2
+ https://gitlab.freedesktop.org/dbus/dbus/issues/269
+ https://gitlab.freedesktop.org/dbus/dbus/commit/47b1a4c41004bf494b87370987b222c934b19016
Notes