Log

CVE-2019-12781 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Silent downgrade
Description
+ An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
References
+ https://docs.djangoproject.com/en/2.2/releases/2.2.3/
+ https://www.openwall.com/lists/oss-security/2019/07/01/3
+ https://github.com/django/django/commit/77706a3e4766da5d5fb75c4db22a0a59a28e6cd6
Notes
CVE-2019-12795 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Authentication bypass
Description
+ daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)
References
+ https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a
Notes
CVE-2019-12874 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ VideoLAN VLC media player 3.0.6 and earlier has a double-free in the zlib_decompress_extra function of the Matroska demuxer in modules/demux/mkv/util.cpp.
References
+ https://www.videolan.org/security/sa1901.html
+ https://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102
Notes
CVE-2019-12881 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Denial of service
Description
+ i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0.
References
+ https://gist.github.com/oxagast/472866fb2c3d439e10499d7141d0a520
Notes
CVE-2019-13045 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Irssi 1.0.x before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free when sending SASL login to the server.
References
+ https://irssi.org/security/irssi_sa_2019_06.txt
+ https://www.openwall.com/lists/oss-security/2019/06/29/1
+ https://github.com/irssi/irssi/commit/d23b0d22cc611e43c88d99192a59f413f951a955
Notes
CVE-2019-13226 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Access restriction bypass
Description
+ deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system.
References
+ https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab
+ https://bugzilla.suse.com/show_bug.cgi?id=1130388
+ http://www.openwall.com/lists/oss-security/2019/07/04/1
Notes
CVE-2019-13227 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Arbitrary file overwrite
Description
+ In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.
References
+ https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab
+ https://bugzilla.suse.com/show_bug.cgi?id=1130388
+ http://www.openwall.com/lists/oss-security/2019/07/04/1
Notes
CVE-2019-13228 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible.
References
+ https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab
+ https://bugzilla.suse.com/show_bug.cgi?id=1130388
+ http://www.openwall.com/lists/oss-security/2019/07/04/1
Notes
CVE-2019-13229 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Arbitrary file overwrite
Description
+ deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.
References
+ https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab
+ https://bugzilla.suse.com/show_bug.cgi?id=1130388
+ https://www.openwall.com/lists/oss-security/2019/07/04/1
Notes
CVE-2019-13615 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ Not an issue in vlc, the issue was in libebml and was fixed in 1.3.6.
References
+ https://trac.videolan.org/vlc/ticket/22474
Notes
+ Initial description was: A heap-based out-of-bounds read has been found in the mkv::demux_sys_t::FreeUnused() function of VLC <= 3.0.7.1.