CVE-2019-15612
published 2020-02-04CVE-2019-15612: A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.
PriorityP424medium5.9CVSS 3.1
AVPACLPRLUINSUCHIHAN
EPSS
0.32%
23.8th percentile
A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | nextcloud_server | — | — |
| nextcloud | nextcloud_server | >= 13.0.0 < 13.0.11 | 13.0.11 |
| nextcloud | nextcloud_server | >= 14.0.0 < 14.0.7 | 14.0.7 |
| nextcloud | nextcloud_server | >= 15.0.0 < 15.0.3 | 15.0.3 |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvdv2.03.2LOWAV:L/AC:L/Au:S/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
bugzilla·2020-02-21·CVSS 5.9
CVE-2019-15613 [MEDIUM] CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs fixed in nextcloud 15, 16 and 17
Several CVEs fixed in nextcloud 15, 16 and 17.
https://nextcloud.com/security/advisory/?id=NC-SA-2020-001
https://nextcloud.com/security/advisory/?id=NC-SA-2020-002
https://nextcloud.com/security/advisory/?id=NC-SA-2020-005
https://nextcloud.com/security/advisory/?id=NC-SA-2020-006
https://nextcloud.com/security/advisory/?id=NC-SA-2020-007
https://nextcloud.com/security/advisory/?id=NC-SA-2020-012
https://nextcloud.com/security/advisory/?id=NC-SA-2019-016
https://nextcloud.com/security/advisory/?id=NC-SA-2019-015
https://nextcloud.com/security/advisory/?id=NC
Bugzilla
CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
bugzilla·2020-02-21·CVSS 5.9
CVE-2019-15612 [MEDIUM] CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs fixed in nextcloud 15, 16 and 17 [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant to
Bugzilla
CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
bugzilla·2020-02-21·CVSS 5.9
CVE-2019-15612 [MEDIUM] CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs fixed in nextcloud 15, 16 and 17 [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level
Bugzilla
CVE-2019-10900 wireshark: Rbm dissector infinite loop (wnpa-sec-2019-13)
bugzilla·2019-04-09·CVSS 7.5
CVE-2019-10900 [HIGH] CVE-2019-10900 wireshark: Rbm dissector infinite loop (wnpa-sec-2019-13)
CVE-2019-10900 wireshark: Rbm dissector infinite loop (wnpa-sec-2019-13)
It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
External Referencies:
https://www.wireshark.org/security/wnpa-sec-2019-13.html
Upstream bug(s):
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15612
Discussion:
Created wireshark tracking bugs for this issue:
Affects: fedora-all [bug 1697953]
---
Upstream patch:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f273ecd5d94f0c39d1683ed147656daee3ef799b
---
Statement:
This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 8 as they did not include support for Ruby Marshal O
2020-02-04
Published