Log

CVE-2019-9636 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. A specially crafted URL could be incorrectly parsed by urllib.parse.urlsplit and urllib.parse.urlparse to locate cookies or authentication data and send that information to a different host than when parsed correctly.
References
+ https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
+ https://github.com/python/cpython/commit/daad2c482c91de32d8305abbccc76a5de8b3a8be
+ https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de
Notes
CVE-2019-9686 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ pacman prior to version 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c.
References
+ https://git.archlinux.org/pacman.git/commit/?id=9702703633bec2c007730006de2aeec8587dfc84
+ https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775
+ https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde
Notes
CVE-2019-9788 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9788
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1518001%2C1521304%2C1521214%2C1506665%2C1516834%2C1518774%2C1524755%2C1523362%2C1524214%2C1529203
Notes
CVE-2019-9789 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Several memory safety bugs have been found in Firefox before 66.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could be exploited to run arbitrary code.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9789
+ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1520483%2C1522987%2C1528199%2C1519337%2C1525549%2C1516179%2C1518524%2C1518331%2C1526579%2C1512567%2C1524335%2C1448505%2C1518821
Notes
CVE-2019-9790 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability can occur in Firefox before 66.0 when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9790
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1525145
Notes
CVE-2019-9791 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The type inference system in Firefox before 66.0 allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9791
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1530958
Notes
CVE-2019-9792 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The IonMonkey just-in-time (JIT) compiler in Firefox before 66.0 can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9792
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1532599
Notes
CVE-2019-9793 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A mechanism was discovered in Firefox before 66.0 that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. Note that Spectre mitigations are currently enabled for all users by default settings.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9793
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1528829
Notes
CVE-2019-9795 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A vulnerability has been found in Firefox before 66.0; where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9795
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1514682
Notes
CVE-2019-9796 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free vulnerability can occur in Firefox before 66.0 when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9796
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1531277
Notes