Log

CVE-2019-8907 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
References
+ https://bugs.astron.com/view.php?id=65
Notes
CVE-2019-8912 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
References
+ http://patchwork.ozlabs.org/patch/1042902/
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9060cb719e61b685ec0102574e10337fa5f445ea
Notes
CVE-2019-8942 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943.
References
+ https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
Notes
CVE-2019-8943 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Directory traversal
Description
+ WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
References
+ https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
Notes
CVE-2019-9169 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
References
+ https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=583dd860d5b833037175247230a328f0050dbfe9
+ https://sourceware.org/bugzilla/show_bug.cgi?id=24114
+ https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142
+ https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140
Notes
CVE-2019-9511 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in several HTTP/2 implementations, where the attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
References
+ https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
+ https://github.com/nginx/nginx/commit/a987f81dd19210bc30b62591db331e31d3d74089
Notes
CVE-2019-9512 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in several HTTP/2 implementations, where the attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
References
+ https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Notes
CVE-2019-9513 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in several HTTP/2 implementations, where the attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
References
+ https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
+ https://github.com/nginx/nginx/commit/5ae726912654da10a9a81b2c8436829f3e94f69f
Notes
CVE-2019-9514 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in several HTTP/2 implementations, where the attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
References
+ https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Notes
CVE-2019-9516 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in several HTTP/2 implementations, where the attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.
References
+ https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
+ https://github.com/nginx/nginx/commit/6dfbc8b1c2116f362bb871efebbf9df576738e89
Notes