Log

CVE-2019-9820 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability can occur in the chrome event handler of Firefox before 67.0 when it is freed while still in use. This results in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9820
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1536405
Notes
CVE-2019-9821 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability can occur in AssertWorkerThread in Firefox before 67.0, due to a race condition with shared workers. This results in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1539125
Notes
CVE-2019-9848 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary command execution
Description
+ An issue has been found in LibreOffice before 6.2.5, where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary Python commands. By using the document event feature to trigger LibreLogo to execute Python contained within a document, a malicious document could be constructed which would execute arbitrary Python commands silently without warning.
+ In the fixed versions, LibreLogo cannot be called from a document event handler.
References
+ https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848
+ https://github.com/LibreOffice/core/commit/5d47b7b3f6a134037f1f3d8c018505244d7be484
+ https://github.com/LibreOffice/core/commit/3dd024a28a98a9d4b4efc3c7ec6acaa94d2b25fd
Notes
CVE-2019-9849 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5.
References
+ https://www.libreoffice.org/about-us/security/advisories/cve-2019-9849
Notes
CVE-2019-9893 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Access restriction bypass
Description
+ An issue has been found in libseccomp before 2.4.0 in the way 64-bit comparisons were done using a 32-bit operator, leading to some filters not being properly applied.
References
+ https://github.com/seccomp/libseccomp/issues/139
Notes
CVE-2019-9956 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A stack-based buffer overflow has been found in ImageMagick before 7.0.8-35, in the WritePSImage() function.
References
+ https://github.com/ImageMagick/ImageMagick/issues/1523
+ https://github.com/ImageMagick/ImageMagick/commit/34a6a5a45e83a4af852090b4e43f168a380df979
Notes