Alerts

NVD: all CVE · November 17, 2019

CVE-2019-19040

KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring.
NVD: all CVE · November 17, 2019

CVE-2019-19041

An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by the underlying system. It is possible to achieve this by modifying the values in the files.SUM file (which are used for integrity control) and injecting malicious code into the upgrade.sh file.
Linux security Advisories · November 17, 2019

Fedora 29: djvulibre FEDORA-2019-7ca378f076

Security fix for CVE-2019-15142, CVE-2019-15143, CVE-2019-15144 and CVE-2019-15145.
Linux security Advisories · November 17, 2019

Fedora 30: ghostscript FEDORA-2019-17f42f585a

Security fix for CVE-2019-14869
Linux security Advisories · November 17, 2019

Fedora 30: djvulibre FEDORA-2019-b217f90c2a

Security fix for CVE-2019-15142, CVE-2019-15143, CVE-2019-15144 and CVE-2019-15145.
Linux security Advisories · November 17, 2019

openSUSE: 2019:2521-1: moderate: go1.12

An update that solves two vulnerabilities and has one errata is now available.
Linux security Advisories · November 17, 2019

openSUSE: 2019:2522-1: moderate: go1.12

An update that solves two vulnerabilities and has one errata is now available.
NVD: all CVE · November 17, 2019

CVE-2019-19012

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
NVD: all CVE · November 17, 2019

CVE-2019-19022

iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories.
NVD: all CVE · November 17, 2019

CVE-2019-19035

jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.
NVD: all CVE · November 17, 2019

CVE-2019-19011

MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette.
Linux security Advisories · November 17, 2019

Debian: DSA-4571-1: thunderbird security update

Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service.
Linux security Advisories · November 17, 2019

Debian: DSA-4570-1: mosquitto security update

A vulnerability was discovered in mosquitto, an MQTT version 3.1/3.1.1 compatible message broker, allowing a malicious MQTT client to cause a denial of service (stack overflow and daemon crash), by sending a specially crafted SUBSCRIBE packet containing a topic with an extremely
Linux security Advisories · November 16, 2019

Fedora 29: xen FEDORA-2019-865bb16900

VCPUOP_initialise DoS [XSA-296, CVE-2019-18420]; missing descriptor table limit checking in x86 PV emulation [XSA-298, CVE-2019-18425]; Issues with restartable PV type change operations [XSA-299, CVE-2019-18421] (#1767726); add-to-physmap can be abused to DoS Arm hosts [XSA-301, CVE-2019-18423]; passed through PCI devices may corrupt host memory after deassignment [XSA-302, CVE-2019-18424]
Linux security Advisories · November 16, 2019

Fedora 31: djvulibre FEDORA-2019-67ff247aea

Security fix for CVE-2019-15142, CVE-2019-15143, CVE-2019-15144 and CVE-2019-15145.