Log

CVE-2019-6215 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A type confusion issue has been found in WebKitGTK+ before 2.22.6, where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2019-0001.html#CVE-2019-6215
Notes
CVE-2019-6251 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Content spoofing
Description
+ embed/ephy-web-view.c in GNOME Web (aka Epiphany) through 3.31.4 allows address bar spoofing because a page load triggered by JavaScript leads to updating an address as if it were triggered by a safer visit type (e.g., VISIT_LINK, VISIT_TYPED, VISIT_BOOKMARK, or VISIT_HOMEPAGE). This is similar to the CVE-2018-8383 issue in Microsoft Edge.
References
+ https://gitlab.gnome.org/GNOME/epiphany/issues/532
Notes
CVE-2019-6290 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
References
+ https://bugzilla.nasm.us/show_bug.cgi?id=3392548
Notes
CVE-2019-6291 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
References
+ https://bugzilla.nasm.us/show_bug.cgi?id=3392549
Notes
CVE-2019-6454 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Denial of service
Description
+ It was found that bus_process_object() in bus-objects.c allocates a buffer on the stack large enough to temporarily store the object path specified in the incoming message. A malicious unprivileged local user can send a message which results in the stack pointer moving outside of the bounds of the currently mapped stack region, jumping over the stack guard pages. A specially crafted DBUS message could crash PID 1 and result in a subsequent kernel panic.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1667032
+ https://www.openwall.com/lists/oss-security/2019/02/18/3
+ https://github.com/systemd/systemd/commit/612b74d32f970c43c14ad087ad086424792981b1
+ https://github.com/systemd/systemd/commit/61397a60d98e368a5720b37e83f3169e3eb511c4
+ https://github.com/systemd/systemd/commit/f519a19bcd5afe674a9b8fc462cd77d8bad403c1
Notes
CVE-2019-6465 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable in bind before 9.13.7. A client exercising this defect can request and receive a zone transfer of a DLZ even when not permitted to do so by the allow-transfer ACL.
References
+ https://kb.isc.org/docs/cve-2019-6465
Notes
CVE-2019-6472 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in the Kea DHCPv6 server before 1.6.0 or 1.5.0-P1, which can exit with an assertion failure if the DHCPv6 server process receives a request containing a DUID value which is too large.
References
+ https://kb.isc.org/docs/cve-2019-6472
Notes
CVE-2019-6473 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in the Kea DHCPv6 server before 1.6.0 or 1.5.0-P1, which can exit with an assertion failure if it receives a packet containing a malformed option.
References
+ https://kb.isc.org/docs/cve-2019-6473
Notes
CVE-2019-6474 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in the Kea DHCPv6 server before 1.6.0 or 1.5.0-P1, where a missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up.
References
+ https://kb.isc.org/docs/cve-2019-6474
Notes
+ CVE-2019-6474 can only affect servers which are using memfile for lease storage
CVE-2019-6486 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Private key recovery
Description
+ Go before versions 1.10.8 and 1.11.5 has a vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves. A remote attacker can exploit this by crafting inputs that consume excessive amounts of CPU. These inputs might be delivered via TLS handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private key is reused more than once, the attack can also lead to key recovery.
References
+ https://groups.google.com/forum/m/#!topic/golang-announce/mVeX35iXuSw
+ https://github.com/golang/go/issues/29903
+ https://github.com/golang/go/commit/42b42f71
Notes