Log

ASA-202002-6 created at 12 Feb 2020 16:51:58
CVE-2019-8835 edited at 12 Feb 2020 16:51:31
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ Multiple memory corruption issues have been found in WebKitGTK before 2.26.3, where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2020-0001.html#CVE-2019-8835
Notes
CVE-2019-8844 edited at 12 Feb 2020 16:51:30
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ Multiple memory corruption issues have been found in WebKitGTK before 2.26.3, where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2020-0001.html#CVE-2019-8844
Notes
AVG-1098 edited at 12 Feb 2020 16:51:28
Severity
- Unknown
+ Critical
CVE-2019-8846 edited at 12 Feb 2020 16:51:28
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ Multiple memory corruption issues have been found in WebKitGTK before 2.26.3, where processing maliciously crafted web content may lead to arbitrary code execution.
References
+ https://webkitgtk.org/security/WSA-2020-0001.html#CVE-2019-8846
Notes
AVG-1098 created at 12 Feb 2020 16:49:55
Packages
+ webkit2gtk
Issues
+ CVE-2019-8835
+ CVE-2019-8844
+ CVE-2019-8846
Status
+ Fixed
Severity
+ Unknown
Affected
+ 2.26.2-2
Fixed
+ 2.26.3-1
Ticket
Advisory qualified
+ Yes
References
+ https://webkitgtk.org/security/WSA-2020-0001.html
Notes
CVE-2019-8835 created at 12 Feb 2020 16:49:55
CVE-2019-8846 created at 12 Feb 2020 16:49:55
CVE-2019-8844 created at 12 Feb 2020 16:49:55
AVG-1097 edited at 12 Feb 2020 12:56:27
Status
- Vulnerable
+ Fixed
CVE-2020-7957 edited at 12 Feb 2020 12:38:16
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A denial of service has been found in Dovecot before 2.3.9.3, where a specially crafted e-mail can cause a mailbox to have permanently inaccessible mail, or the e-mail itself can be stuck in delivery. This happens because the snippet generation crashes if a message is large enough that message-parser returns multiple body blocks, the first block(s) don't contain the full snippet (e.g. full of whitespace) and the input ends with '>'.
References
+ https://dovecot.org/pipermail/dovecot-news/2020-February/000430.html
Notes
AVG-1097 edited at 12 Feb 2020 12:34:26
Severity
- Unknown
+ Medium
CVE-2020-7046 edited at 12 Feb 2020 12:34:26
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A denial of service has been found in Dovecot before 2.3.9.3, where lib-smtp doesn't handle truncated command parameters properly, resulting in an infinite loop taking 100% CPU for the process. This happens for LMTP (where it doesn't matter so much) and also for submission-login where unauthenticated users can trigger it.
References
+ https://dovecot.org/pipermail/dovecot-news/2020-February/000431.html
Notes