Pillow -- Allocation of resources without limits or throttling
Mitre reports: An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image...
e2fsprogs -- maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck
Ted Y. Ts'o reports: A maliciously corrupted file system can trigger buffer overruns in the quota code used by e2fsck...
cacti -- Authenticated users may bypass authorization checks
The cacti developers report: In Cacti through 1.2.6, authenticated users may bypass authorization checks for viewing a graph via a direct graph_json.php request with a modified local_graph_id parameter...
nexus2-oss -- Multiple vulnerabilities
Sonatype reports: Several RCE vulnerabilities have been found and corrected in 2.14.15: CVE-2019-16530: An attacker with elevated privileges can upload a specially crafted file. That file can contain commands that will be executed on the system, with the same privileges as the user running the...
RabbitMQ-C -- auth credentials visible in commandline tool options
hadmut reports: This C library includes 2 command-line tools that can take credentials as command-line options. The credentials are exposed as plain-text in the process list. This could allow an attacker with access to the process list to see the credentials...
FreeBSD -- Improper checking in SCTP-AUTH shared key update
Problem Description: The SCTP layer does improper checking when an application tries to update a shared key. Therefore an unprivileged local user can trigger a use-after-free situation, for example by specific sequences of updating shared keys and closing the SCTP association. Impact: Triggering...
python 3.7 -- multiple vulnerabilities
Python changelog: bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. bpo-37764: Fixes email._header_value_parser.get_unstructured going into an infini...
expat2 -- Fix extraction of namespace prefixes from XML names
expat project reports: Fix heap overflow triggered by XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber, and deny internal entities closing the doctype...
curl -- multiple vulnerabilities
curl security problems: CVE-2019-5481: FTP-KRB double-free. libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amoun...
py39-lmdb -- multiple vulnerabilities
TeamSeri0us reports: An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. An issue was discovered i...
Flash Player -- multiple vulnerabilities
Adobe reports: This update resolves a same origin method execution vulnerability that could lead to arbitrary code execution (CVE-2019-8069). This update resolves a use-after-free vulnerability that could lead to arbitrary code execution (CVE-2019-8070)...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: ECDSA remote timing attack (CVE-2019-1547), Low; Fork Protection (CVE-2019-1549), Low, OpenSSL 1.1.1 only...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Project Template Functionality Could Be Used to Access Restricted Project Data; Security Enhancements in GitLab Pages...
FLAC -- out-of-bounds read
Oss-Fuzz reports: There is a possible out of bounds read due to a heap buffer overflow in FLAC__bitreader_read_rice_signed_block of bitreader.c...
Mbed TLS -- Side channel attack on deterministic ECDSA
Janos Follath reports: Mbed TLS does not have a constant-time/constant-trace arithmetic library and uses blinding to protect against side channel attacks. In the ECDSA signature routine previous Mbed TLS versions used the same RNG object for generating the ephemeral key pair and for generating th...
clamav -- Denial-of-Service (DoS) vulnerability
Micah Snyder reports: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation...
wordpress -- multiple issues
wordpress developers report: Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments. Props to Tim Coen f...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2019-11751: Malicious code execution through command line parameters; CVE-2019-11746: Use-after-free while manipulating video; CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML; CVE-2019-11742: Same-origin policy violation with SVG...
Exim -- RCE with root privileges in TLS SNI handler
Exim developers report: If your Exim server accepts TLS connections, it is vulnerable. This does not depend on the TLS library, so both GnuTLS and OpenSSL are affected. The vulnerability is exploitable by sending an SNI ending in a backslash-null sequence during the initial TLS handshake. The...
www/varnish6 -- Denial of Service
The Varnish Team reports: A failure in HTTP/1 parsing can allow a remote attacker to trigger an assertion in varnish, restarting the daemon and clearing the cache...
samba -- combination of parameters and permissions can allow user to escape from the share path definition
The samba project reports: On a Samba SMB server, for all versions of Samba from 4.9.0, clients are able to escape outside the share root directory if certain configuration parameters are set in the smb.conf file...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Kubernetes Integration Server-Side Request Forgery; Server-Side Request Forgery in Jira Integration; Improved Protection Against Credential Stuffing Attacks; Markdown Clientside Resource Exhaustion; Pipeline Status Disclosure; Group Runner Authorization Issue; CI Metrics Disclosure; User...
libgcrypt -- ECDSA timing attack
GnuPG reports: Mitigate an ECDSA timing attack...
webkit2-gtk3 -- Multiple vulnerabilities
The WebKitGTK project reports many vulnerabilities, including several arbitrary code execution vulnerabilities...
ISC KEA -- Multiple vulnerabilities
Internet Systems Consortium, Inc. reports: A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate (CVE-2019-6472, Medium). An invalid hostname option can cause the kea-dhcp4 server to terminate (CVE-2019-6473, Medium). An oversight when validating incoming client requests can le...
mantis -- multiple vulnerabilities
The Mantis developers report: CVE-2019-15715: Admin Required - Post Authentication Command Execution / Injection Vulnerability; CVE-2019-8331: In Bootstrap before 3.4.1, XSS is possible in the tooltip or popover data-template attribute; Missing integrity hashes for CSS resources from CDNs...
bro -- invalid memory access or heap buffer over-read
Jon Siwek of Corelight reports: This is a security patch release to address a potential Denial of Service vulnerability: The NTLM analyzer did not properly handle AV Pair sequences that were either empty or unterminated, resulting in invalid memory access or heap buffer over-read. The NTLM analyz...
RDoc -- multiple jQuery vulnerabilities
Ruby news: There are multiple vulnerabilities about Cross-Site Scripting (XSS) in jQuery shipped with RDoc, which is bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release which includes the fixed version of RDoc. The following vulnerabilities have been reported...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: SECURITY-1453 / CVE-2019-10383 (Medium): Stored XSS vulnerability in update center. SECURITY-1491 / CVE-2019-10384 (High): CSRF protection tokens for anonymous users did not expire in some circumstances...
file -- Heap buffer overflow possible
MITRE reports: cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write)...
gitea -- multiple vulnerabilities
The Gitea Team reports: This release contains two security fixes, so we highly recommend updating...
clamav -- multiple vulnerabilities
Micah Snyder reports: An out of bounds write was possible within ClamAV's NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library (CVE-2019-12900). The issue has been resolved by respecting that limit. The zip bomb...
FreeBSD -- IPv6 remote Denial-of-Service
Problem Description: Due to a missing check in the code of m_pulldown(9), data returned may not be contiguous as requested by the caller. Impact: Extra checks in the IPv6 code catch the error condition and trigger a kernel panic leading to a remote DoS (denial-of-service) attack with certain Ethernet...
FreeBSD -- Reference count overflow in mqueue filesystem 32-bit compat
Problem Description: System calls operating on file descriptors obtain a reference to the relevant struct file which, due to a programming error, was not always put back, which in turn could be used to overflow the counter of the affected struct file. Impact: A local user can use this flaw to obtain access...
FreeBSD -- kernel memory disclosure from /dev/midistat
Problem Description: The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. Impact: The races allow a...
Ghostscript -- Security bypass vulnerabilities
Cedric Buissart (Red Hat) reports: A flaw was found in ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protecti...
webmin -- unauthenticated remote code execution
Joe Cooper reports: I've rolled out Webmin version 1.930 and Usermin version 1.780 for all repositories. This release includes several security fixes, including one potentially serious one caused by malicious code inserted into Webmin and Usermin at some point on our build infrastructure. We're...
Node.js -- multiple vulnerabilities
Node.js reports: Node.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for more information. Updates are now available for all active Node....
CUPS -- multiple vulnerabilities
Apple reports: CVE-2019-8696 and CVE-2019-8675: SNMP buffer overflows. IPP buffer overflow. Memory disclosure in the scheduler. DoS issues in the scheduler...
Mozilla -- Stored passwords in 'Saved Logins' can be copied without master password entry
Mozilla Foundation reports: CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry. When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored...
Apache -- Multiple vulnerabilities
The Apache Team reports: SECURITY: CVE-2019-10081 mod_http2: HTTP/2 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data...
mediawiki -- multiple vulnerabilities
Mediawiki reports: Security fixes: T230402, CVE-2019-16738 SECURITY: Add permission check for suppressed account to Special:Redirect...
Libgit2 -- multiple vulnerabilities
The Git community reports: A carefully constructed commit object with a very large number of parents may lead to potential out-of-bounds writes or potential denial of service. The ProgramData configuration file is always read for compatibility with Git for Windows and Portable Git installations...
traefik -- Denial of service in HTTP/2
The traefik project reports: Update of dependency to go (go1.12.8) resolves potential HTTP/2 denial of service in traefik...
nghttp2 -- multiple vulnerabilities
nghttp2 GitHub releases: This release fixes CVE-2019-9511 "Data Dribble" and CVE-2019-9513 "Resource Loop" vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2 frames cause Denial of Service by consuming CPU time. Check out...
h2o -- multiple HTTP/2 vulnerabilities
Jonathan Looney of Netflix reports: HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion. Recently, a series of DoS attack vulnerabilities have been reported on a broad range of HTTP/2 stacks. Among the vulnerabilities, H2O is exposed to the following: CVE-2019-95...
NGINX -- Multiple vulnerabilities
NGINX Team reports: Several security issues were identified in nginx HTTP/2 implementation which might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the http2 optio...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Insecure Authentication Methods Disabled for Grafana By Default; Multiple Command-Line Flag Injection Vulnerabilities; Insecure Cookie Handling on GitLab Pages...
Nokogiri -- injection vulnerability
Nokogiri GitHub release: A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input...