---

Log

CVE-2019-8905 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Local
Type	+ Information disclosure
Description	+ do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
References	+ https://bugs.astron.com/view.php?id=63
Notes

CVE-2019-8906 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Information disclosure
Description	+ do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
References	+ https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f + https://bugs.astron.com/view.php?id=64
Notes

CVE-2019-8907 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
References	+ https://bugs.astron.com/view.php?id=65
Notes

CVE-2019-8912 created at 25 Sep 2019 19:31:40
Severity	+ Critical
Remote	+ Remote
Type	+ Arbitrary code execution
Description	+ In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
References	+ http://patchwork.ozlabs.org/patch/1042902/ + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9060cb719e61b685ec0102574e10337fa5f445ea
Notes

CVE-2019-8942 created at 25 Sep 2019 19:31:40
Severity	+ Critical
Remote	+ Remote
Type	+ Arbitrary code execution
Description	+ WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
References	+ https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
Notes

CVE-2019-8943 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Directory traversal
Description	+ WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
References	+ https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
Notes

CVE-2019-9169 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Local
Type	+ Arbitrary code execution
Description	+ In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
References	+ https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=583dd860d5b833037175247230a328f0050dbfe9 + https://sourceware.org/bugzilla/show_bug.cgi?id=24114 + https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142 + https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140
Notes

CVE-2019-9511 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ An issue has been found in several HTTP/2 implementations, where the attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
References	+ https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md + https://github.com/nginx/nginx/commit/a987f81dd19210bc30b62591db331e31d3d74089
Notes

CVE-2019-9512 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ An issue has been found in several HTTP/2 implementations, where the attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
References	+ https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Notes

CVE-2019-9513 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ An issue has been found in several HTTP/2 implementations, where the attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
References	+ https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md + https://github.com/nginx/nginx/commit/5ae726912654da10a9a81b2c8436829f3e94f69f
Notes