CVE-2019-15613
published 2020-02-04CVE-2019-15613: A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.
PriorityP335high8CVSS 3.1
AVNACLPRLUIRSUCHIHAH
EPSS
1.13%
62.4th percentile
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | nextcloud_server | < 15.0.14 | 15.0.14 |
| nextcloud | nextcloud_server | — | — |
| nextcloud | nextcloud_server | >= 16.0.0 < 16.0.7 | 16.0.7 |
| nextcloud | nextcloud_server | >= 17.0.0 < 17.0.2 | 17.0.2 |
| opensuse | backports | — | — |
CVSS provenance
nvdv3.18.0HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
bugzilla·2020-02-21·CVSS 5.9
CVE-2019-15613 [MEDIUM] CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
CVE-2019-15613 CVE-2019-15612 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs fixed in nextcloud 15, 16 and 17
Several CVEs fixed in nextcloud 15, 16 and 17.
https://nextcloud.com/security/advisory/?id=NC-SA-2020-001
https://nextcloud.com/security/advisory/?id=NC-SA-2020-002
https://nextcloud.com/security/advisory/?id=NC-SA-2020-005
https://nextcloud.com/security/advisory/?id=NC-SA-2020-006
https://nextcloud.com/security/advisory/?id=NC-SA-2020-007
https://nextcloud.com/security/advisory/?id=NC-SA-2020-012
https://nextcloud.com/security/advisory/?id=NC-SA-2019-016
https://nextcloud.com/security/advisory/?id=NC-SA-2019-015
https://nextcloud.com/security/advisory/?id=NC
Bugzilla
CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
bugzilla·2020-02-21·CVSS 5.9
CVE-2019-15612 [MEDIUM] CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs fixed in nextcloud 15, 16 and 17 [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant to
Bugzilla
CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
bugzilla·2020-02-21·CVSS 5.9
CVE-2019-15612 [MEDIUM] CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs
CVE-2019-15612 CVE-2019-15613 CVE-2019-15616 CVE-2019-15617 CVE-2019-15618 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 CVE-2020-8121 CVE-2020-8122 nextcloud: Several CVEs fixed in nextcloud 15, 16 and 17 [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level
Bugzilla
CVE-2019-10894 wireshark: GSS-API dissector crash (wnpa-sec-2019-14)
bugzilla·2019-04-09·CVSS 7.5
CVE-2019-10894 [HIGH] CVE-2019-10894 wireshark: GSS-API dissector crash (wnpa-sec-2019-14)
CVE-2019-10894 wireshark: GSS-API dissector crash (wnpa-sec-2019-14)
A crash due to an assertion failure can be observed in an ASAN build of Wireshark, by feeding a malformed file to tshark ("$ ./tshark -nVxr /path/to/file").
External Referencies:
https://www.wireshark.org/security/wnpa-sec-2019-14.html
Upstream bug(s):
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613
Discussion:
Created wireshark tracking bugs for this issue:
Affects: fedora-all [bug 1697948]
---
Upstream patch:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8cdc95842687feee32856afba8e7087396082158
---
An assertion is reachable in call_dissector_only() in epan/packet.c, which checks whether the handle passed as argument is not NULL. In debug builds, this may just crash the applicati
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.htmlhttps://hackerone.com/reports/697959https://nextcloud.com/security/advisory/?id=NC-SA-2020-002http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.htmlhttps://hackerone.com/reports/697959https://nextcloud.com/security/advisory/?id=NC-SA-2020-002
2020-02-04
Published