issues
advisories
todo
stats
log
login

Log

« prev 1 2 … 2041 2042 2043 2044 2045 2046 next »

CVE-2019-9511 created at 25 Sep 2019 19:31:40

Severity

Medium

Remote

Type

+	Denial of service

Description

An issue has been found in several HTTP/2 implementations, where the attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.

References

+	https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
+	https://github.com/nginx/nginx/commit/a987f81dd19210bc30b62591db331e31d3d74089

Notes

CVE-2019-9512 created at 25 Sep 2019 19:31:40

Severity

Medium

Remote

Type

+	Denial of service

Description

An issue has been found in several HTTP/2 implementations, where the attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.

References

+	https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

Notes

CVE-2019-9513 created at 25 Sep 2019 19:31:40

Severity

Medium

Remote

Type

+	Denial of service

Description

+	An issue has been found in several HTTP/2 implementations, where the attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.

References

+	https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
+	https://github.com/nginx/nginx/commit/5ae726912654da10a9a81b2c8436829f3e94f69f

Notes

CVE-2019-9514 created at 25 Sep 2019 19:31:40

Severity

Medium

Remote

Type

+	Denial of service

Description

An issue has been found in several HTTP/2 implementations, where the attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.

References

+	https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

Notes

CVE-2019-9516 created at 25 Sep 2019 19:31:40

Severity

Medium

Remote

Type

+	Denial of service

Description

An issue has been found in several HTTP/2 implementations, where the attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.

References

+	https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
+	https://github.com/nginx/nginx/commit/6dfbc8b1c2116f362bb871efebbf9df576738e89

Notes

CVE-2019-9636 created at 25 Sep 2019 19:31:40

Severity

High

Remote

Type

+	Information disclosure

Description

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. A specially crafted URL could be incorrectly parsed by urllib.parse.urlsplit and urllib.parse.urlparse to locate cookies or authentication data and send that information to a different host than when parsed correctly.

References

+	https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
+	https://github.com/python/cpython/commit/daad2c482c91de32d8305abbccc76a5de8b3a8be
+	https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de

Notes

CVE-2019-9686 created at 25 Sep 2019 19:31:40

Severity

High

Remote

Type

+	Arbitrary code execution

Description

pacman prior to version 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c.

References

+	https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84
+	https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775
+	https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde

Notes

CVE-2019-9788 created at 25 Sep 2019 19:31:40

Severity

Critical

Remote

Type

+	Arbitrary code execution

Description

+	Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.

References

+	https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9788
+	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203

Notes

CVE-2019-9789 created at 25 Sep 2019 19:31:40

Severity

Critical

Remote

Type

+	Arbitrary code execution

Description

+	Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.

References

+	https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9789
+	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1520483%2C1522987%2C1528199%2C1519337%2C1525549%2C1516179%2C1518524%2C1518331%2C1526579%2C1512567%2C1524335%2C1448505%2C1518821

Notes

CVE-2019-9790 created at 25 Sep 2019 19:31:40

Severity

Critical

Remote

Type

+	Arbitrary code execution

Description

+	A use-after-free vulnerability can occur in Firefox before 66.0 when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash.

References

+	https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9790
+	https://bugzilla.mozilla.org/show_bug.cgi?id=1525145

Notes