XNU suffers from a use-after-free vulnerability due to a stale pointer left by in6_pcbdetach.
a4597bf5b2e139422599f9470288ee0aVisual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.
ee209f50afa19dc15f5533506c05c21cJSC DFG's doesGC() is incorrect about the HasIndexedProperty operation's behavior on StringObjects.
447815ba563e6a4e43af5179de5f3476Revive Adserver versions prior to 4.2.1 make use of a cryptographically weak pseudo-random number generator.
243ddb693ca68519a086c8cd8298b3ffDarktrace Enterprise Immune System versions 3.0.9 and 3.0.10 contain multiple cross site request forgery vulnerabilities. It is highly likely that older versions are affected as well, but this has not been confirmed. An attacker can whitelist domains and/or change core Darktrace configuration.
be5c3f64b5b2fcf3157da5bda8fa15d8WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities and various other issues that can lead to code execution. Multiple versions are affected.
4efa5f06b30e1cade3b477e41a750ae0Ubuntu Security Notice 3991-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting attacks, or execute arbitrary code. Various other issues were also addressed.
d157c03ec1158e7291ba7c7c580166d3Red Hat Security Advisory 2019-1258-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
e1b67a4de4e612ce79ecbb4325fe39f6Ubuntu Security Notice 3989-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
d5189c41505b661562b0874a548d01ddUbuntu Security Notice 3990-1 - It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.
3d059044008da4cd52c623f4b0a8855bXNU suffers from a wild-read (and possible corruption) due to bad cast in stf_ioctl.
82933fea5ae121113514f59c5ffb704cThe Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.
b9ac41d7a345cbb537b2a935197cf91bJavaScriptCore loop-invariant code motion (LICM) in DFG JIT leaves a stack variable uninitialized.
e3d6af3254ffc8f7e66b61e4895a6d8aJavaScriptCore AIR optimization incorrectly removes assignment to register.
fbb7e0f88cf0da1880e1e46b1ff5975aSecurity controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective as they could be bypassed by malicious scripts via writing their own process memory on the Linux platform. Proof of concept code included.
f04fc6f6465d117497efa31d8a63fc4eTP-LINK TL-WR840N version 5 00000005 suffers from a cross site scripting vulnerability.
48977e99200685a1db7f01170a2a6e98Slims CMS Akasia version 8.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
b206a2df6f22213d6d130b50f86b3892Oracle CTI Web Service suffers from an EBS_ASSET_HISTORY_OPERATIONS XML external entity injection vulnerability.
296042732d76b490a480f9520983df96Deluge version 1.3.15 Webseeds and URL proof of concept denial of service exploits.
9f64dbbdfac374bc0b620f626702b39eMoodle Jmol Filter version 6.1 suffers from cross site scripting and directory traversal vulnerabilities.
4394b07dc0b5272a5830b271519acd42WordPress WPGraphQL plugin version 0.2.3 suffers from authentication bypass and information disclosure vulnerabilities.
00674b4c808d439be8b1a8128e2dd1b6
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed