Log

CVE-2019-9514 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in several HTTP/2 implementations, where the attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
References
+ https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Notes
CVE-2019-9516 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in several HTTP/2 implementations, where the attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.
References
+ https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
+ https://github.com/nginx/nginx/commit/6dfbc8b1c2116f362bb871efebbf9df576738e89
Notes
CVE-2019-9636 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ Python 2.7.x through 2.7.16 and 3.x through 3.7.2 are affected by improper handling of Unicode encoding (with an incorrect netloc) during NFKC normalization. A specially crafted URL could be incorrectly parsed by urllib.parse.urlsplit and urllib.parse.urlparse to locate cookies or authentication data and send that information to a different host than when parsed correctly.
References
+ https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
+ https://github.com/python/cpython/commit/daad2c482c91de32d8305abbccc76a5de8b3a8be
+ https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de
Notes
CVE-2019-9686 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ pacman prior to version 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c.
References
+ https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84
+ https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775
+ https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde
Notes
CVE-2019-9788 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9788
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203
Notes
CVE-2019-9789 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9789
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1520483%2C1522987%2C1528199%2C1519337%2C1525549%2C1516179%2C1518524%2C1518331%2C1526579%2C1512567%2C1524335%2C1448505%2C1518821
Notes
CVE-2019-9790 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability can occur in Firefox before 66.0 when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9790
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1525145
Notes
CVE-2019-9791 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The type inference system in Firefox before 66.0 allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9791
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1530958
Notes
CVE-2019-9792 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The IonMonkey just-in-time (JIT) compiler in Firefox before 66.0 can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9792
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1532599
Notes
CVE-2019-9793 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A mechanism was discovered in Firefox before 66.0 that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. Note that Spectre mitigations are currently enabled for all users by default settings.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9793
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1528829
Notes