Log

CVE-2019-8680 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An issue has been found in WebKitGTK before 2.24.4 where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8680
Notes
CVE-2019-8683 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An issue has been found in WebKitGTK before 2.24.4 where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8683
Notes
CVE-2019-8684 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An issue has been found in WebKitGTK before 2.24.4 where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8684
Notes
CVE-2019-8688 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An issue has been found in WebKitGTK before 2.24.4 where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2019-0004.html#CVE-2019-8688
Notes
CVE-2019-8904 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Information disclosure
Description
+ do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.
References
+ https://bugs.astron.com/view.php?id=62
Notes
CVE-2019-8905 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Information disclosure
Description
+ do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
References
+ https://bugs.astron.com/view.php?id=63
Notes
CVE-2019-8906 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.
References
+ https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f
+ https://bugs.astron.com/view.php?id=64
Notes
CVE-2019-8907 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
References
+ https://bugs.astron.com/view.php?id=65
Notes
CVE-2019-8912 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
References
+ http://patchwork.ozlabs.org/patch/1042902/
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9060cb719e61b685ec0102574e10337fa5f445ea
Notes
CVE-2019-8942 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
References
+ https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
Notes