Vulnerabilities

CVE-2016-10905


kernel/git/torvalds/linux.git - Linux kernel source tree
An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry.

CVE-2016-10906


kernel/git/torvalds/linux.git - Linux kernel source tree
An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.

CVE-2016-10907


https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.6
kernel/git/torvalds/linux.git - Linux kernel source tree
An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out-of-bounds write in the function ad5755_parse_dt.

CVE-2017-18549


kernel/git/torvalds/linux.git - Linux kernel source tree
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.

CVE-2017-18550


kernel/git/torvalds/linux.git - Linux kernel source tree
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.

CVE-2017-18551


https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15
kernel/git/torvalds/linux.git - Linux kernel source tree
An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out-of-bounds write in the function i2c_smbus_xfer_emulated.

CVE-2017-18552


kernel/git/torvalds/linux.git - Linux kernel source tree
An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11. There is an out-of-bounds write and read in the function rds_recv_track_latency.

CVE-2018-20976


kernel/git/torvalds/linux.git - Linux kernel source tree
An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use-after-free exists, related to xfs_fs_fill_super failure.

CVE-2019-15129


PoC Humanica Humatrix 7 version 1.0.0.203, 1.0.0.681 Recruitment module - Arbitrary File Upload (CVE-2019-15130) and Unauthorized Access File (CVE-2019-15129) · GitHub
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a "user id" parameter and file name, such as in a recruitment_online/upload/user/[user_id]/photo/[file_name] URI.

CVE-2019-15130


PoC Humanica Humatrix 7 version 1.0.0.203, 1.0.0.681 Recruitment module - Arbitrary File Upload (CVE-2019-15130) and Unauthorized Access File (CVE-2019-15129) · GitHub
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multipart POST request with a predictable WRC01_USERID parameter. Moreover, the attacker can upload executable content (e.g., asp or aspx) for executing OS commands on the server.

CVE-2019-15135


[1908.05310] Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems
https://www.omg.org/spec/DDS-SECURITY/1.1/PDF
The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (including capabilities inapplicable to the current session), which makes it easier for attackers to discover potentially sensitive reachability information on a Data Distribution Service (DDS) network.

CVE-2019-15136


[1908.05310] Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems
Partition permission are not enforced for remote participants [5342] · Issue #443 · eProsima/Fast-RTPS · GitHub
The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition.

CVE-2019-15137


[1908.05310] Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems
Misuse of fnmatch used by DDS Security Access Control [5677] · Issue #441 · eProsima/Fast-RTPS · GitHub
The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expressions themselves), which can lead to unintended connections between participants in a Data Distribution Service (DDS) network.

CVE-2019-15139


https://github.com/ImageMagick/ImageMagick/issues/1553 · ImageMagick/ImageMagick@c78993d · GitHub
AddressSanitizer: Invalid read at xwd.c:573 · Issue #1553 · ImageMagick/ImageMagick · GitHub
The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.

CVE-2019-15140


https://github.com/ImageMagick/ImageMagick/issues/1554 · ImageMagick/ImageMagick@f720661 · GitHub
AddressSanitizer: heap-use-after-free at constitute.c:659 · Issue #1554 · ImageMagick/ImageMagick · GitHub
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.

CVE-2019-15141


AddressSanitizer: heap-buffer-overflow at coders/tiff.c:4324 · Issue #1560 · ImageMagick/ImageMagick · GitHub
https://github.com/ImageMagick/ImageMagick/issues/1560 · ImageMagick/ImageMagick6@3c53413 · GitHub
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.

CVE-2019-15142


DjVuLibre / Bugs / #296 heap-buffer-overflow at GString.cpp:1017
https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file.

CVE-2019-15143


DjVuLibre / Bugs / #297 infinite loop inside GBitmap::read_rle_raw
https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.

CVE-2019-15144


DjVuLibre / Bugs / #299 Stack-overflow when processing pbm images
https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.

CVE-2019-15145


DjVuLibre / Bugs / #298 Invalid Memory Read when calling processing jb2 images
https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.

CVE-2019-15146


fixed many security issues with the too crude mp4 reader · gopro/gpmf-parser@341f12c · GitHub
Multiple crashes when parsing MP4 files · Issue #60 · gopro/gpmf-parser · GitHub
GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in GPMF_Next in GPMF_parser.c.

CVE-2019-15147


fixed many security issues with the too crude mp4 reader · gopro/gpmf-parser@341f12c · GitHub
Multiple crashes when parsing MP4 files · Issue #60 · gopro/gpmf-parser · GitHub
GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c.

CVE-2019-15148


fixed many security issues with the too crude mp4 reader · gopro/gpmf-parser@341f12c · GitHub
Multiple crashes when parsing MP4 files · Issue #60 · gopro/gpmf-parser · GitHub
GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c.

CVE-2019-15149


[security] core: undirectional routing wasn't respected in some cases · dw/mitogen@5924af1 · GitHub
Release Notes — Mitogen Documentation
core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected.

CVE-2019-15150


Enforce/verify state parameter of callback · Schine/MW-OAuth2Client@6a4fe45 · GitHub
Release MW OAuth2 Client 0.4 (Security Fix) · Schine/MW-OAuth2Client · GitHub
In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function.

CVE-2019-15151


Double free in Cu6mPlayer::~Cu6mPlayer() · Issue #91 · adplug/adplug · GitHub
AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.
