Ubuntu Security Notice 4057-1 - Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources.
70b208b9719bfbf5019cc1c5d3a3077e5f7f19c66e76de4b1f51bed7d3502bfc
Slackware Security Advisory - New bzip2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
00866bf2e5233b7f677d14e90626aa037c9e605450c8c334a00f345e5e7dcabb
Ubuntu Security Notice 4056-1 - It was discovered that Exiv2 incorrectly handled certain PSD files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain PNG files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain CRW files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
0efef37b8542ae46f5e1d82b6156d3993f73e9337a7913db88a6969a5cee8653
There exists a privilege escalation vulnerability for Windows 10 builds prior to build 17763. Due to the AppXSvc's improper handling of hard links, a user can gain full privileges over a SYSTEM-owned file. The user can then utilize the new file to execute code as SYSTEM. This Metasploit module employs a technique using the Diagnostics Hub Standard Collector Service (DiagHub) which was discovered by James Forshaw to load and execute a DLL as SYSTEM.
768fb56de1ec7de8dd28e560c3995953fbeca7925352b92e82d879e144ae0251
This Metasploit module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x up to 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to an insecure unserialize call of the decrypt method in Illuminate/Encryption/Encrypter.php. Authentication is not required; however, exploitation requires knowledge of the Laravel APP_KEY. Similar vulnerabilities appear to exist within Laravel cookie tokens based on the code fix. In some cases the APP_KEY is leaked, which allows for discovery and exploitation.
89a708ff133e6615ee3040a41d60178a5e2e6c21344ec723424eb420b1cc5b8c
Debian Linux Security Advisory 4482-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.
69c08ed8e390352134d4e82107d271ecf374e44e67e179253d8ed85a27bb2c5c
Microsoft Windows suffers from an HTTP to SMB NTLM reflection that leads to a privilege escalation.
9c438d49a171f163f1fef4b8312a6ae876fbc9dbe34a835fb20edf950b89e9d0
Citrix SD-WAN Appliance version 10.2.2 suffers from authentication bypass and remote command execution vulnerabilities.
35d49241776f0e93fd18d36ff74eb03319d7260a004bea11c110838e3f48883e
Red Hat Security Advisory 2019-1777-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.
ded784e6b90862954f145c1efb4dfc722d729e15ce361cac0bf44b2f60382523
Ubuntu Security Notice 4055-1 - Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service. Mike Salvatore discovered that FlightCrew mishandled certain malformed EPUB files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Mike Salvatore discovered that the version of Zipios included in FlightCrew mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources. Various other issues were also addressed.
60b71eb50ad6279e40181df1c81e37ae054f0b1496e9e2137ca762d3b2d7e44b
Streamripper version 2.6 Song Pattern buffer overflow exploit.
ef83fc76efb2de2e63f756763b24c71a9ec0d5274e3cb615c01c2164e72a8401
Red Hat Security Advisory 2019-1774-01 - Vim is an updated and improved version of the vi editor. An arbitrary command execution vulnerability has been addressed.
6bff7b2b95c046972259678d6145ee78c4a7d1b21f8edfec36eb6b3a435531af
Netgear WiFi router versions JWNR2010v5 and R6080 suffer from authentication bypass vulnerabilities.
034ed9038532a99e6b030d733d008140314fd60b1ed467dfb1ef4e92b0fb1609
Red Hat Security Advisory 2019-1775-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.
1e7c25d77690089f3f49e76d127be073424e1d90116b742f6b339c94ab914f46
Red Hat Security Advisory 2019-1771-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Issues addressed include a buffer overflow vulnerability.
e87998711b3290fed1dc7b6c512e4c0700288e9f62ee6edb793843b8447f2f99
VideoPlayer on Android versions 7 through 9 suffers from an ihevcd_parse_pps out-of-bounds write vulnerability.
641316a0c31ea9598297b3208706dd4ecbdd3747d0c8cf2d223873bb200df9dd
Microsoft Windows Remote Desktop BlueKeep denial of service exploit.
fd14625fe2ae16af44ddb6f7a27ab38b1fdc86ac051a831939a1eb569a859ea5
FlightPath versions prior to 4.8.2 and 5.0-rc2 suffer from a local file inclusion vulnerability.
07738ede136a142d28fdc06fa42ca4d54570a90969c3620af9f5b970d8f9a4b7
PCMan FTP Server 2 ALLO remote buffer overflow exploit.
fbcd68a7373c40b1b827eaa08871e787dbfd381398eaa3428cf4c71ecb575677
Cisco Small Business switches versions 200, 300, and 500 suffer from information leakage and open redirection vulnerabilities.
2bb0ac94980c464d3bdf481b45f48e9917e275cf0b9cfd65dffcfed0b11c7913