Debian Linux Security Advisory 4499-1 - Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in a bypass of the file system restrictions of the -dSAFER sandbox.
dce42f1c15de7b1def39503e6664bd55afc37a0c207e79ef301442185c7d0bb2
Red Hat Security Advisory 2019-2465-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
1bfa744090c4523f663fd8c77c22c8f1d1ea49d480980ee8930a1e66ceb824a7
Red Hat Security Advisory 2019-2462-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
8fb3139310ca7b2b448c0db586a1c8e5d28f55954af52057544a284caf6d8e78
Ubuntu Security Notice 4092-1 - Netanel Fisher discovered that the font handler in Ghostscript did not properly restrict privileged calls when '-dSAFER' restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files.
045ac04ad356601247612be2e749f35a0449a3404a1e8cfb4ce8f03d6b8d64f0
WebKit suffers from a universal cross site scripting vulnerability via XSLT and nested document replacements.
abc82a98542f87bc9b86b25a54fdb246cadf7b93e9bfa89e200caa30e3415461
This Metasploit module exploits SQL injection and command injection vulnerabilities in the ManageEngine Application Manager versions 14.2 and below.
e517b45142b3447dbab8ec2a891e10876f6c09291a138de7f5a84363ffe2c8c1
Joomla JS Support Ticket component version 1.1.6 suffers from a remote SQL injection vulnerability in ticketreply.php.
213a017be91f4b2105974e537a709ecfaac01e0035d2ac7a0770e99035de9811
BSI Advance Hotel Booking System version 2.0 suffers from a persistent cross site scripting vulnerability in booking_details.php.
49c2147b939ccb27aedc41a4220c7bb4bf089ba4d835ba734eb893216bbf0d60
This Metasploit module exploits SQL injection and command injection vulnerabilities in OpManager versions 12.4.034 and below.
fc57c3cfc093c3e5df0726909ea0618e1444102b4b8d154f2216ed157bc46225
VxWorks version 6.8 suffers from an integer underflow vulnerability.
1f311cc4d1a16d238fc837c326c95ed3d599ea7c826e3ecb1485e5e7136216e4
This Metasploit module bypasses the user password requirement in OpManager versions 12.4.034 and below. It performs an authentication bypass and executes commands on the server.
0b10df1665aeb6bf150dfd60da9fbbcaa339ab52f578cd7f8af7b97ef10ca2a8
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.920 and below. If the password change module is turned on, the unauthenticated user can execute arbitrary commands with root privileges.
ec772fb6a45fb88e2351faaab0600ee20a86b66126a1ccf91608cd56b9347361
Joomla JS Support Ticket component version 1.1.6 suffers from an arbitrary file deletion vulnerability in ticket.php.
94e89c0d5467b5113ad4752d8b9da422373f83bd3bae56e8e65bb7406649eb1f
UNA version 10.0.0 RC1 suffers from a persistent cross site scripting vulnerability in polyglot.php.
e5256b578b274aaf68a41ee33a072fae920639e4f32a32ad3e061c9f3af6ca4b
This Metasploit module exploits a security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques.
ccf085e5a044cb918fae95c5556ebbf021851f7abfb9c7fab3ef667e68647642
Joomla JS Jobs component version 1.2.5 suffers from a remote SQL injection vulnerability in cities.php.
c7ddd9531942beee708545b44d1c7185102db12d2f392709e7f60afad09b689d
Ghidra (Linux) version 9.0.4 suffers from a .gar-related arbitrary code execution vulnerability.
d8d7c325d350b463017b38852324eca682609da29b6f5b3ea847494efb0bee38
Debian Linux Security Advisory 4498-1 - Several vulnerabilities were discovered in python-django, a web development framework. They could lead to remote denial-of-service or SQL injection,
8950007ecfea59b7cbbc514a74b09f7c96ccbc00236501de400b0532a6846a64
Debian Linux Security Advisory 4496-1 - Benno Fuenfstueck discovered that Pango, a library for layout and rendering of text with an emphasis on internationalization, is prone to a heap-based buffer overflow flaw in the pango_log2vis_get_embedding_levels function. An attacker can take advantage of this flaw for denial of service or potentially the execution of arbitrary code.
08873062b1ae654980aee26f9f341f243ba2372412e9e64efa7a44e4eea86c3e
Debian Linux Security Advisory 4495-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
c9cffe5ad30be525cc930f197d8f2f4324ebd95c48fa3bbf6a68ef2df2511752
Debian Linux Security Advisory 4494-1 - Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it's embedded into a downloaded archive and it gets opened in a file browser) arbitrary commands could get executed. This update removes this feature.
cffdf8b2f8be70b1d490457cf9c87e48056edad5fc1ecd56c620082e3c680957
Ubuntu Security Notice 4091-1 - It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.
4be4b969f0389306674006b80826f192f2a7f5a957941f2ec8bd81c4b89f3cdd
Red Hat Security Advisory 2019-2439-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Integer overflow, leaked credential, and padding oracle vulnerabilities were addressed.
cbac1f94d13e509c3c566a15a3b675f1a4bc70820c5f49e848ebabf61c32bc7b
Red Hat Security Advisory 2019-2437-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.
f40cbaf735073c48fac04cf4f3c79efaa6a492f90523a8288de1eab0cd4f7637
Red Hat Security Advisory 2019-2433-01 - Cockpit is a Linux system administration tool with a web UI, easy setup, and minimal system footprint at runtime. When installed on hosts in Red Hat Virtualization, it provides monitoring and management functions beyond those available in the Administration Portal. Cockpit is installed by default on Red Hat Virtualization Host. A plain text password issue was addressed.
45671cf4ad620e5859d293af3b9c6295ae722c5b762aab7e8a78d3ca404672da