Monthly Archive: May 2019

In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is...

In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is...

In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed....

In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User...

In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user’s informed...

The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL....

PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection mechanism. Date published : 2019-05-08 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JX7WR6DPMKCZQP7EYFACYXSGJ3K523/...

Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name. Date published : 2019-05-08 https://github.com/alkacon/opencms-core/issues/636 https://www.openwall.com/lists/oss-security/2019/05/05/2

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last...

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. Date published : 2019-05-08 http://www.securityfocus.com/bid/108283 https://seclists.org/bugtraq/2019/Jun/26

An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot. Date published : 2019-05-08 https://github.com/MISP/MISP/commit/62f15433e42fb92e45bd57dd6fc0c0bf53deb6fc

An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links. Date published : 2019-05-08 https://github.com/MISP/MISP/commit/6f6fb678ca07c80cb7d2bdfe5cb0313bb71bd487

A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link. Date published : 2019-05-08 https://github.com/MISP/MISP/commit/3a085a6ceea00b3ab674a984dd56c1846ef775ff

Persistent XSS has been found in the OneShield Policy (Dragon Core) framework before 5.1.10. Remote adversaries can inject malicious JavaScript into textboxes decorated with type string, which is subsequently stored to the applicable data...