2019-03-11
ALT-BU-2019-3539-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2018-12-07
Modified: 2024-11-21
CVE-2018-16861
A cross-site scripting (XSS) flaw was found in the Foreman component of Satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer menus is able to execute XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher-privileged users. Foreman versions before 1.18.3, 1.19.1, and 1.20.0 are vulnerable.
Severity: MEDIUM (4.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
References:
Closed vulnerabilities
Published: 2019-06-07
Modified: 2024-11-21
CVE-2018-19800
aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-06-07
Modified: 2024-11-21
CVE-2018-19801
aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-06-07
Modified: 2024-11-21
CVE-2018-19802
aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2019:1618
- openSUSE-SU-2019:1624
- openSUSE-SU-2019:1834
- openSUSE-SU-2019:1852
- https://github.com/aubio/aubio/blob/0.4.9/ChangeLog
- FEDORA-2019-00ca0acb47
- FEDORA-2019-b1157fdfdc