Log

CVE-2019-6974 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object; later, this reference is transferred to the caller's file descriptor table. If such a file descriptor were to be closed, the reference count to the VM object could become zero, potentially leading to a use-after-free issue. A user/process could use this flaw to crash the guest VM, resulting in a denial of service issue, or, potentially, gain privileged access to a system.
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1765
+ https://www.exploit-db.com/exploits/46388
Notes
CVE-2019-6975 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows uncontrolled memory consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
+ If the affected numberformat function, as used by contrib.admin as well as the floatformat, filesizeformat, and intcomma template filters, receives a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format().
References
+ https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
+ https://www.openwall.com/lists/oss-security/2019/02/11/1
+ https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227
+ https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3
Notes
CVE-2019-6977 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.
References
+ https://bugs.php.net/bug.php?id=77270
+ https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced
Notes
CVE-2019-6978 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c.
References
+ https://github.com/libgd/libgd/issues/492
+ https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
Notes
CVE-2019-6988 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been discovered in OpenJPEG <= 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.
References
+ https://github.com/uclouvain/openjpeg/issues/1178
Notes
CVE-2019-7096 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An arbitrary code execution issue has been found in Adobe Flash Player before 32.0.0.171.
References
+ https://helpx.adobe.com/security/products/flash-player/apsb19-19.html
Notes
CVE-2019-7108 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ An out-of-bounds read has been found in Adobe Flash Player before 32.0.0.171.
References
+ https://helpx.adobe.com/security/products/flash-player/apsb19-19.html
Notes
CVE-2019-7148 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils <= 0.175. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception.
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=24085
Notes
CVE-2019-7149 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service.
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=24102
Notes
CVE-2019-7150 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service.
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=24103
Notes