Log

CVE-2019-14812 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Sandbox escape
Description
+ Safer Mode Bypass by .forceput Exposure in setuserparams
References
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
Notes
CVE-2019-14813 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Sandbox escape
Description
+ Safer Mode Bypass by .forceput Exposure in setsystemparams
References
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
Notes
CVE-2019-14817 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Sandbox escape
Description
+ Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures.
References
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
Notes
CVE-2019-15043 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ This vulnerability allows any unauthenticated user/client to access the Grafana snapshot HTTP API and create a denial of service attack by posting large amounts of dashboard snapshot payloads to the /api/snapshots HTTP API endpoint.
References
+ https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/
+ https://github.com/grafana/grafana/commit/be2e2330f5c1f92082841d7eb13c5583143963a4
Notes
CVE-2019-1543 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Information disclosure
Description
+ An issue has been found in OpenSSL <= 1.1.1b, where an application using ChaCha20-Poly1305 could set a non-default nonce length to be longer than 12 bytes and then mistakenly reuse a nonce.
+ ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored.
References
+ https://www.openssl.org/news/secadv/20190306.txt
+ https://github.com/openssl/openssl/commit/f426625b6a
Notes
CVE-2019-1559 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ A padding oracle has been found in OpenSSL versions prior to 1.0.2r. This issue does not impact OpenSSL 1.1.1 or 1.1.0. If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data.
+ In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). AEAD ciphersuites are not impacted.
References
+ https://www.openssl.org/news/secadv/20190226.txt
Notes
CVE-2019-15717 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use after free was found when receiving a duplicate CAP.
References
+ https://irssi.org/security/irssi_sa_2019_08.txt
+ https://github.com/irssi/irssi/commit/401fff7c34acaff2f7b0d6ab31bda7fa8cc50df9
Notes
+ Most servers do not send duplicate CAP
CVE-2019-15718 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Access restriction bypass
Description
+ systemd-resolved before v234 does not properly enforce any access control on its D-Bus methods, allowing any unprivileged user to access its API. An attacker may use this flaw to configure the DNS, the default route or other properties of a network link. Those operations should be performed only by a high-privileged user.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1746057
+ https://github.com/systemd/systemd/pull/13457/commits/35e528018f315798d3bffcb592b32a0d8f5162bd
Notes
CVE-2019-15846 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary command execution
Description
+ Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
References
+ https://exim.org/static/doc/security/CVE-2019-15846.txt
Notes
CVE-2019-18511 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Same-origin policy bypass
Description
+ An issue has been found in Thunderbird before 60.7.0, where cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2018-18511
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1526218
Notes