1779 matches found
Google ChromeOS SafeSetID LSM Transitive Trust Exploit
ChromeOS: multiple issues in SafeSetID LSM. I decided to take a look at the new SafeSetID LSM that ChromeOS upstreamed and found several issues. Since this LSM is already running on Pixelbook on the stable channel, I'm filing this as a security bug. This LSM restricts the use of CAP_SETUID by...
GHSA-P3W6-JCG4-52XH Improper Verification of Cryptographic Signature in django-rest-registration
Misusing the Django Signer API leads to predictable signatures used in verification emails. Impact: The vulnerability is a high severity one. Anyone using Django REST Registration library versions 0.2.* - 0.4.* with e-mail verification option (which is recommended, but needs additional configuration) i...
CVE-2019-5809
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page...
Node.js: loader.js is not secure
Summary: Node.js loader.js can be exploited by an attacker. The vulnerability: https://github.com/nodejs/node/blob/a33c3c6d33fa81fa59a5aa95246d7f599e6abdd3/lib/internal/modules/cjs/loader.js#L892 Module._initPaths = function() { var homeDir; var nodePath; if (isWindows) { homeDir = process.env.USERPROFILE...
ffmpeg/ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer: Index-out-of-bounds in vc1_decode_ac_coeff
Project: https://git.ffmpeg.org/ffmpeg.git Detailed report: https://oss-fuzz.com/testcase?key=5648992869810176 Project: ffmpeg Fuzzer: libFuzzer_ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer Fuzz target binary: ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer Job Type: libfuzzer_ubsan_ffmpeg Platform Id: linux Crash Type:...
CVE-2018-19802
aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference...
CVE-2018-12886
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the...
Google Has Stored Some Passwords in Plaintext Since 2005
On the heels of embarrassing disclosures from Facebook and Twitter, Google reveals its own password bugs—one of which lasted 14 years...
XNU Stale Pointer Use-After-Free
XNU: Use-after-free due to stale pointer left by in6_pcbdetach. Related CVE Numbers: CVE-2019-8605, Fixed-2019-May-13. Reproduction Repros on 10.14.3 when run as root. It may need multiple tries to trigger. $ clang -o in6selectsrc in6selectsrc.cc $ while 1; do sudo ./in6selectsrc; done res0: 3 res1: ...
This Week in Security News: Unsecured Servers and Vulnerable Processors
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about vulnerabilities that can allow hackers to retrieve data from CPUs and mine cryptocurrency. Read on: May’s Patch Tuesday Include...
Code injection
In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet...
perfetto/trace_processor_fuzzer: Crash in perfetto::trace_processor::fuchsia_trace_utils::ReadTimestamp
Project: https://android.googlesource.com/platform/external/perfetto/ Detailed report: https://oss-fuzz.com/testcase?key=5197616339484672 Project: perfetto Fuzzer: libFuzzer_perfetto_trace_processor_fuzzer Fuzz target binary: trace_processor_fuzzer Job Type: libfuzzer_asan_perfetto Platform Id: linux Cra...
Twitter Leaks Apple iOS Users' Location Data to Ad Partner
Twitter has disclosed a security bug in its platform that it said inadvertently leaked iOS users’ location data. The Twitter for iOS bug leaked location data at the ZIP code or city level, according to the social media company’s announcement on Monday. Twitter stressed that it has fixed the bug,...
jQuery 2.2.4 is vulnerable to prototype pollution
Bitbucket Server comes with jQuery version 2.2.4. This version of jQuery is vulnerable to a security bug, CVE-2019-11358 (https://nvd.nist.gov/vuln/detail/CVE-2019-11358), which is only fixed in jQuery 3.4.0...
CVE-2019-10869
CVE-2019-10869 affects WordPress Ninja Forms Plugin prior to version 3.0.23 (when the Uploads add-on is activated). It enables path traversal and unrestricted file upload via the uploads handling (includes/fields/upload.php, aka upload/submit page) name and tmp_name parameters, allowing an attack...
Node.js third-party modules: [larvitbase-api] Unintended Require
I would like to report Unintended Require vulnerability in larvitbase-api. It allows loading arbitrary non-production code js files. Module module name: larvitbase-api version: 0.5.3 npm page: https://www.npmjs.com/package/larvitbase-api Module Description REST http API base framework based on...
libxslt/xslt: Use-of-uninitialized-value in xsltNumberFormatInsertNumbers
Project: https://gitlab.gnome.org/GNOME/libxslt.git Detailed report: https://oss-fuzz.com/testcase?key=5631739747106816 Project: libxslt Fuzzer: libFuzzer_libxslt_xslt Fuzz target binary: xslt Job Type: libfuzzer_msan_libxslt Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...
cryptofuzz/cryptofuzz-openssl-noasm: Use-of-uninitialized-value in bool std::__1::equal<std::__1::__wrap_iter<unsigned char const*>, std::__1::__wr
Project: https://github.com/guidovranken/cryptofuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5734873723043840 Project: cryptofuzz Fuzzer: libFuzzer_cryptofuzz_cryptofuzz-openssl-noasm Fuzz target binary: cryptofuzz-openssl-noasm Job Type: libfuzzer_msan_cryptofuzz Platform Id: linux Cra...
lwan/request_fuzzer: Global-buffer-overflow in lwan_parse_rfc_time
Project: git://github.com/lpereira/lwan Detailed report: https://oss-fuzz.com/testcase?key=5675545829834752 Project: lwan Fuzzer: libFuzzer_lwan_request_fuzzer Fuzz target binary: request_fuzzer Job Type: libfuzzer_asan_lwan Platform Id: linux Crash Type: Global-buffer-overflow READ 4 Crash Address:...
CVE-2019-11035
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash...