This Metasploit module generates an ODT file with a mouse over event that when triggered, will execute arbitrary code.
1dbac9bc01a0968e5bd4defcfd3239c6f9cf90dfee38c29c3ff6560e99041d79
Gentoo Linux Security Advisory 201904-19 - Multiple vulnerabilities have been found in Dovecot, the worst of which could result in root privilege escalation. Versions less than 2.3.5.1 are affected.
ce3244367b87fcc80f3c1b30e2cd4f8e11bb766839c1f9b30ca32d7fdfb24186
Red Hat Security Advisory 2019-0782-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include code execution and deserialization vulnerabilities.
112695995622cdf7982b5f45e341346c6fb131743373fd9b1ae6014aa1e901cf
Gentoo Linux Security Advisory 201904-18 - A vulnerability in libseccomp allows for privilege escalation. Versions less than 2.4.0 are affected.
64c1326aba6403a74d274fc18185006fe5f5afbae867aee8378ac38680d7a2d1
Ubuntu Security Notice 3914-2 - USN-3914-1 fixed vulnerabilities in NTFS-3G. As an additional hardening measure, this update removes the setuid bit from the ntfs-3g binary. A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator. Various other issues were also addressed.
208c409ec12a3be377bfbf3abfb46eedd2b6704c6b56af1b820f340b4d82ca5c
Gentoo Linux Security Advisory 201904-17 - Multiple vulnerabilities have been found in Patch, the worst of which could result in the execution of arbitrary code. Versions less than 2.7.6-r3 are affected.
f611d1465ff71c629377f0a946b29349fec276e2a4cc800e95134e1952531f7a
A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType fonts.
3c3d35dfc5426eaa61ae91b3e754f6e09c909445eb2f9484504d724fdedd1db5
A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType, implemented in a proprietary t2k library.
cc1fdb072ca05f2a5b04c3cb9301fdc0fce66245b901c57e61aba6f76f5054ec
OAMbuster is a multi-threaded exploit for CVE-2018-2879.
b68302c74939716ec55aa081bbd6419f01985352ca4eb583f4c9417195876784
Red Hat Security Advisory 2019-0778-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a slow conversion of BigDecimal to long.
5396f45bea3eb627c49258ab5c0f3243ea17dadc19e1cff73a3d79b2fa5fafbe
Red Hat Security Advisory 2019-0775-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an out of bounds access vulnerability.
df87c0ca20994cd8b674294e7f0975316462269c1e290da4858ed6b852bad9ee
Red Hat Security Advisory 2019-0774-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include an out of bounds access vulnerability.
05356c5064fc4c8320d6377262fbc8e7390666bc1448496fc0e517de3bdc1ade
Debian Linux Security Advisory 4433-1 - Several vulnerabilities have been discovered in the Rubygems included in the interpreter for the Ruby language, which may result in denial of service or the execution of arbitrary code.
e3199047134c8bcfe7382ed803154e3f50c1ae57b7e6b37aef6f86cfedc00a6d
Debian Linux Security Advisory 4432-1 - Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox.
51784f8be1c1e386af3b69b6266e3d0c02983e49cdfd148d34f4341856f0003c
Ubuntu Security Notice 3918-4 - USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility and performance issues with some websites. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle attacks. Various other issues were also addressed.
5b4f9b2b76b002e143884e0796cad669d48126daf811297c19395adffd7ed1c4
DHCP Server version 2.5.2 suffers from a denial of service vulnerability.
60761f6a7cd8f8932e61462c57456faaef43add0623b17e39ba208e5aac27e5a
ASUS HG100 suffers from a denial of service vulnerability.
118b077cce2f6f305f8ed7084fa284e217f384e8566233b52b812c3044df38bf
WordPress Download Manager plugin version 2.9.93 suffers from a cross site scripting vulnerability.
58e68c5aaf1ba7d33419334c5f36d1609261c0030b7568b509908ebe57ea2a83
2 Plan Team version 1.0.4 suffers from a cross site scripting vulnerability.
63b3003eb85af737cdd929e522c0be77dc9128f2cd9afe32efc316e4b8e52599