ASA-2019-00575 – Oracle Solaris: Local privilege escalation via xscreensaver

Exploitation of a design error vulnerability in xscreensaver, as distributed with Solaris 11.x, allows local attackers to create (or append to) arbitrary files on the system, by abusing the -log command line switch introduced in version 5.06. This flaw can be leveraged to cause a denial of service condition or to escalate privileges to root, as shown in the following screenshot.

ASA-2019-00574 – libssh2: Out-of-bounds read when connecting to a malicious SSH server

There is an out-of-bounds read vulnerability, potentially leading to either denial of service or remote information disclosure. It is triggered when libssh2 is used to connect to a malicious SSH server. The overflow occurs when the SSH server sends a disconnect message, which means that the vulnerability can be triggered early in the connection process, before authentication is completed.

ASA-2019-00571 – Kubernetes: API Server JSON/YAML parsing vulnerable to resource exhaustion attack

Denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability.