Log

CVE-2018-14526 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
References
+ https://papers.mathyvanhoef.com/woot2018.pdf
+ https://securitytracker.com/id/1041438
+ https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
Notes
CVE-2018-14574 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Open redirect
Description
+ If the django.middleware.common.CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks.
References
+ https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
+ https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525
Notes
CVE-2018-14626 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in PowerDNS Authoritative Server before 4.1.5 and PowerDNS Recursor before 4.1.5, allowing a remote user to craft a DNS query that will cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures for a specific qname and qtype. For a DNSSEC-signed domain, this means that DNSSEC validating clients will consider the answer to be bogus until it expires from the packet cache, leading to a denial of service.
References
+ https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html
+ https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html
Notes
CVE-2018-14629 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A denial of service security issue has been found in samba from 4.0.0 up to and including 4.9.2, where an unprivileged user can use the ldbadd tool to add DNS records to create a CNAME loop, causing infinite query recursion.
References
+ https://www.samba.org/samba/security/CVE-2018-14629.html
+ https://bugzilla.samba.org/show_bug.cgi?id=13600
+ https://github.com/samba-team/samba/commit/bf596c14c2462b9a15ea738ef4f32b3abb8b63d1
Notes
CVE-2018-14644 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An issue has been found in PowerDNS Recursor before 4.1.5 where a remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.
References
+ https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html
Notes
CVE-2018-14665 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Privilege escalation
Description
+ Incorrect command-line parameter validation in the Xorg X server can lead to privilege elevation and/or arbitrary file overwrite when the X server is installed with the setuid bit set and unprivileged users are able to log in to the system via a physical console.
+
+ The -modulepath argument can be used to specify an insecure path to modules that are going to be loaded in the X server, allowing unprivileged code to be executed in the privileged process.
+
+ The -logfile argument can be used to overwrite arbitrary files in the file system, due to incorrect checks in the parsing of the option.
References
+ https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
+ https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7
+ https://www.openwall.com/lists/oss-security/2018/10/25/1
Notes
CVE-2018-14773 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ Support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header allows a user to access one URL but have Symfony return a different one, which can bypass restrictions on higher-level caches and web servers.
+
+ The fix drops support for these two obsolete IIS headers: X-Original-URL and X_REWRITE_URL.
References
+ https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
+ https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
Notes
CVE-2018-14912 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Directory traversal
Description
+ cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
References
+ https://bugs.chromium.org/p/project-zero/issues/detail?id=1627
+ https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html
+ https://git.zx2c4.com/cgit/commit/?id=53efaf30b50f095cad8c160488c74bba3e3b2680
Notes
CVE-2018-15473 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
References
+ http://www.openwall.com/lists/oss-security/2018/08/15/5
+ http://www.securitytracker.com/id/1041487
+ https://bugs.debian.org/906236
+ https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
+ https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html
Notes
CVE-2018-15587 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Content spoofing
Description
+ GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
References
+ https://bugzilla.gnome.org/show_bug.cgi?id=796424
+ https://gitlab.gnome.org/GNOME/evolution/issues/120
Notes