CVE-2019-1477
Published 2019-12-10
High · CVSS 3.1 score 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_server_2019 | — | — |
GHSA
GHSA-h6wq-g4g8-r6jh
ghsa_unreviewed·2022-05-24
CVE-2019-1477 [HIGH]
An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'.
Microsoft
Windows Printer Service Elevation of Privilege Vulnerability
vendor_msrc·2019-12-10·CVSS 7.8
CVE-2019-1477 [HIGH] Windows Printer Service Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting how the Windows Printer Service validates file paths.
Microsoft Windows: Microsoft Windows
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;L
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-12-10·CVSS 7.8
[HIGH] Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Dec. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 25 vulnerabilities, two of which are considered critical.
This month’s security update covers security issues in a variety of Microsoft services and software, including Remote Desktop Protocol, Hyper-V and multiple Microsoft Office products.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here.
### Critical vulnerabilities
Microsoft disclosed two critical vulnerabilities this month, both of which we will highlight below.
CVE-2019-1468 is a remote code execution vulnerability in the Windows font libr
Bugzilla
CVE-2019-5836 chromium-browser: Heap buffer overflow in Angle
bugzilla·2019-06-07·CVSS 8.8
CVE-2019-5836 [HIGH] CVE-2019-5836 chromium-browser: Heap buffer overflow in Angle
A heap buffer overflow flaw was found in the Angle component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=947342
External References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1718272]
Affects: fedora-all [bug 1718271]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:1477 https://access.redhat.com/errata/RHSA-2019:1477
Bugzilla
CVE-2019-5839 chromium-browser: Incorrect handling of certain code points in Blink
bugzilla·2019-06-07·CVSS 4.3
CVE-2019-5839 [MEDIUM] CVE-2019-5839 chromium-browser: Incorrect handling of certain code points in Blink
An incorrect handling of certain code points flaw was found in the Blink component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=925614
External References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1718272]
Affects: fedora-all [bug 1718271]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:1477 https://access.redhat.com/errata/RHSA-2019:1477
Bugzilla
CVE-2019-5840 chromium-browser: Popup blocker bypass
bugzilla·2019-06-07·CVSS 4.3
CVE-2019-5840 [MEDIUM] CVE-2019-5840 chromium-browser: Popup blocker bypass
The following flaw was identified in the Chromium browser: Popup blocker bypass.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=951782
External References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1718272]
Affects: fedora-all [bug 1718271]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:1477 https://access.redhat.com/errata/RHSA-2019:1477
Bugzilla
CVE-2019-5838 chromium-browser: Overly permissive tab access in Extensions
bugzilla·2019-06-07·CVSS 4.3
CVE-2019-5838 [MEDIUM] CVE-2019-5838 chromium-browser: Overly permissive tab access in Extensions
An overly permissive tab access flaw was found in the Extensions component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=893087
External References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1718272]
Affects: fedora-all [bug 1718271]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:1477 https://access.redhat.com/errata/RHSA-2019:1477
Bugzilla
CVE-2019-5831 chromium-browser: Incorrect map processing in V8
bugzilla·2019-06-07·CVSS 8.8
CVE-2019-5831 [HIGH] CVE-2019-5831 chromium-browser: Incorrect map processing in V8
An incorrect map processing flaw was found in the V8 component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=950328
External References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1718272]
Affects: fedora-all [bug 1718271]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:1477 https://access.redhat.com/errata/RHSA-2019:1477
Bugzilla
CVE-2019-5830 chromium-browser: Incorrectly credentialed requests in CORS
bugzilla·2019-06-07·CVSS 6.5
CVE-2019-5830 [MEDIUM] CVE-2019-5830 chromium-browser: Incorrectly credentialed requests in CORS
An incorrectly credentialed requests flaw was found in the CORS component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=665766
External References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1718272]
Affects: fedora-all [bug 1718271]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:1477 https://access.redhat.com/errata/RHSA-2019:1477
Bugzilla
CVE-2019-5833 chromium-browser: Inconsistent security UI placement
bugzilla·2019-06-07·CVSS 4.3
CVE-2019-5833 [MEDIUM] CVE-2019-5833 chromium-browser: Inconsistent security UI placement
The following flaw was identified in the Chromium browser: Inconsistent security UI placement.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=945067
External References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1718272]
Affects: fedora-all [bug 1718271]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:1477 https://access.redhat.com/errata/RHSA-2019:1477
Bugzilla
CVE-2019-5829 chromium-browser: Use after free in Download Manager
bugzilla·2019-06-07·CVSS 8.8
CVE-2019-5829 [HIGH] CVE-2019-5829 chromium-browser: Use after free in Download Manager
A use after free flaw was found in the Download Manager component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=958533
External References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1718272]
Affects: fedora-all [bug 1718271]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:1477 https://access.redhat.com/errata/RHSA-2019:1477
Bugzilla
CVE-2019-5828 chromium-browser: Use after free in ServiceWorker
bugzilla·2019-06-07·CVSS 8.8
CVE-2019-5828 [HIGH] CVE-2019-5828 chromium-browser: Use after free in ServiceWorker
A use after free flaw was found in the ServiceWorker component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=956597
External References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1718272]
Affects: fedora-all [bug 1718271]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:1477 https://access.redhat.com/errata/RHSA-2019:1477
Bugzilla
CVE-2019-5835 chromium-browser: Out of bounds read in Swiftshader
bugzilla·2019-06-07·CVSS 6.5
CVE-2019-5835 [MEDIUM] CVE-2019-5835 chromium-browser: Out of bounds read in Swiftshader
An out of bounds read flaw was found in the Swiftshader component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=939239
External References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1718272]
Affects: fedora-all [bug 1718271]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:1477 https://access.redhat.com/errata/RHSA-2019:1477
Bugzilla
CVE-2019-5832 chromium-browser: Incorrect CORS handling in XHR
bugzilla·2019-06-07·CVSS 6.5
CVE-2019-5832 [MEDIUM] CVE-2019-5832 chromium-browser: Incorrect CORS handling in XHR
An incorrect CORS handling flaw was found in the XHR component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=959390
External References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1718272]
Affects: fedora-all [bug 1718271]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:1477 https://access.redhat.com/errata/RHSA-2019:1477
Bugzilla
CVE-2019-5837 chromium-browser: Cross-origin resources size disclosure in Appcache
bugzilla·2019-06-07·CVSS 6.5
CVE-2019-5837 [MEDIUM] CVE-2019-5837 chromium-browser: Cross-origin resources size disclosure in Appcache
A cross-origin resources size disclosure flaw was found in the Appcache component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=918293
External References:
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1718272]
Affects: fedora-all [bug 1718271]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:1477 https://access.redhat.com/errata/RHSA-2019:1477