Log

CVE-2019-5867 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An out-of-bounds read has been found in the V8 component of the chromium browser before 76.0.3809.100.
References
+ https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop.html
+ https://crbug.com/984344
Notes
CVE-2019-5868 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free issue has been found in PDFium's ExecuteFieldAction, in the chromium browser before 76.0.3809.100.
References
+ https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop.html
+ https://crbug.com/983867
Notes
CVE-2019-5882 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ A use-after-free vulnerability has been found in irssi before 1.1.2, when hidden lines were expired from the scroll buffer.
References
+ https://marc.info/?l=oss-security&m=154711952322177
+ https://irssi.org/security/irssi_sa_2019_01.txt
+ https://github.com/irssi/irssi/pull/948
Notes
+ Apparently fixed in PR 948, not sure why 919 is referenced here? Fixed
+
+ Note that this bug will never be triggered if lines are never hidden (no usage of /window hidelevel).
CVE-2019-5885 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Private key recovery
Description
+ matrix-synapse before 0.34.1 is vulnerable to private key recovery as synapse will attempt to derive a secret key from other secrets specified in the configuration file for "macaroon_secret_key". However, in all versions of Synapse up to and including 0.34.0, this process was faulty and a predictable value was used instead.
References
+ https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
Notes
CVE-2019-6109 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Content spoofing
Description
+ An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
References
+ https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
+ https://github.com/openssh/openssh-portable/commit/8976f1c4b2721c26e878151f52bdf346dfe2d54c
Notes
CVE-2019-6111 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Arbitrary file overwrite
Description
+ An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
References
+ https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
+ https://github.com/openssh/openssh-portable/commit/391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
Notes
CVE-2019-6116 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Sandbox escape
Description
+ It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system and execute commands.
References
+ https://marc.info/?l=oss-security&m=154825433813390
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1729&desc=2
+ https://bugs.ghostscript.com/show_bug.cgi?id=700317
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
+ http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9
Notes
CVE-2019-6128 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
References
+ https://gitlab.com/libtiff/libtiff/commit/ae0bed1fe530a82faf2e9ea1775109dbf301a971
Notes
CVE-2019-6133 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Authentication bypass
Description
+ In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
References
+ https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81#0cf68d1183ea5299db7cd71b8377fa3d29e1a63e
Notes
CVE-2019-6212 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Multiple memory corruption issues have been found in WebKitGTK+ before 2.22.6, where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2019-0001.html#CVE-2019-6212
Notes