Log

CVE-2019-13917 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
References
+ https://seclists.org/oss-sec/2019/q3/63
+ https://lists.exim.org/lurker/message/20190725.090419.d506f736.en.html
Notes
CVE-2019-14232 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ If ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` methods were passed the ``html=True`` argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The ``chars()`` and ``words()`` methods are used to implement the ``truncatechars_html`` and ``truncatewords_html`` template filters, which were thus vulnerable. The regular expressions used by ``Truncator`` have been simplified in order to avoid potential backtracking issues. As a consequence, trailing punctuation may now at times be included in the truncated output.
References
+ https://docs.djangoproject.com/en/dev/releases/1.11.23/
+ https://github.com/django/django/commit/7f65974f8219729c047fbbf8cd5cc9d80faefe77
Notes
CVE-2019-14233 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ Due to the behavior of the underlying HTMLParser, django.utils.html.strip_tags() would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. The strip_tags() method is used to implement the corresponding striptags template filter, which was thus also vulnerable. strip_tags() now avoids recursive calls to HTMLParser when progress removing tags, but necessarily incomplete HTML entities, stops being made.
References
+ https://docs.djangoproject.com/en/dev/releases/1.11.23/
+ https://github.com/django/django/commit/4b78420d250df5e21763633871e486ee76728cc4
Notes
CVE-2019-14234 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ SQL injection
Description
+ Key and index lookups for JSONField and key lookups for HStoreField were subject to SQL injection, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.filter().
References
+ https://github.com/django/django/commit/7deeabc7c7526786df6894429ce89a9c4b614086
Notes
CVE-2019-14235 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ If passed certain inputs, django.utils.encoding.uri_to_iri() could lead to significant memory usage due to excessive recursion when re-percent encoding invalid UTF-8 octet sequences.
References
+ https://github.com/django/django/commit/76ed1c49f804d409cfc2911a890c78584db3c76e
Notes
CVE-2019-14809 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Insufficient validation
Description
+ An issue has been found in Go before 1.12.8, where url.Parse would accept URLs with malformed hosts, such that the Host field could have arbitrary suffixes that would appear in neither Hostname() nor Port(), allowing authorization bypasses in certain applications. Note that URLs with invalid, non-numeric ports will now return an error from url.Parse.
References
+ https://golang.org/issue/29098
Notes
CVE-2019-14811 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Sandbox escape
Description
+ Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator.
References
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
Notes
CVE-2019-14812 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Sandbox escape
Description
+ Safer Mode Bypass by .forceput Exposure in setuserparams.
References
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
Notes
CVE-2019-14813 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Sandbox escape
Description
+ Safer Mode Bypass by .forceput Exposure in setsystemparams.
References
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
Notes
CVE-2019-14817 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Sandbox escape
Description
+ Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures.
References
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
Notes