OS X update for Automator (CVE-2018-4468) Vulnerability
- Severity: 4
- Published: February 19, 2019
The Rapid7 Vulnerability Database is a list of 70,000 vulnerabilities for security analyst and researchers to identify and address known security issues through vulnerability management solutions. Each vulnerability has links to relevant groups like Mitre and other CVE Numbering Authorities as well as additional technical documentation. These vulnerabilities are utilized by our vulnerability management tool Nexpose and provided here for additional visibility.
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From SUSE_CVE-2019-6778:
This CVE is addressed in the SUSE advisories SUSE-SU-2019:13962-1.
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
Debian: CVE-2019-5785: firefox-esr -- security update
NULL pointer dereference using a specially crafted X509 certificate
In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use after free in get_failed_assumptions or btor_delete.
Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password
Debian: CVE-2019-6996: gitlab -- security update
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful ...