The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause a use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution.
4069a796ff839c408647778ed5820d03
Red Hat Security Advisory 2019-2818-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
4bbcd1a3151ff9cd335ad81979f493be
Ubuntu Security Notice 4137-1 - It was discovered that Mosquitto incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service.
8f648e2182d75b525f88d9d4872eb76a
Piwigo versions 2.9.5 and below suffer from cross site scripting, command execution, and remote SQL injection vulnerabilities.
d7bfbdd2fe5f80541115d580e6a6a0d9
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
324812279a9a7ad481bb1cfb3ce8b527
Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS.
4445ce7fa5ca560dafec0ff9b45ccb45
Ubuntu Security Notice 4134-2 - USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Various other issues were also addressed.
f3dd6bb956db553071cad73e67c6b26c
Red Hat Security Advisory 2019-2867-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
eb16fadbf1185e40445c587dc2feb2fc
Red Hat Security Advisory 2019-2869-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
32b97ad6c4ca914b9bb2c33171060d5f
Red Hat Security Advisory 2019-2868-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Issues addressed include a bypass vulnerability.
c4b963668d758f653d9bbdfea3dc785e
Red Hat Security Advisory 2019-2870-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Issues addressed include a bypass vulnerability.
1fef64aa032ea64d788c049ea3f22f91
Red Hat Security Advisory 2019-2864-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
3185f9d395d79ded747ac36d26d65188
Red Hat Security Advisory 2019-2866-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
98a078b0c517c910121ecbdbb0b303bb
Red Hat Security Advisory 2019-2865-01 - This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. Issues addressed include a buffer overflow vulnerability.
454af124da2f0eea5ab532c6d2c47185
Red Hat Security Advisory 2019-2863-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
f857e7c2f40136e09ec1e74e43475370
Red Hat Security Advisory 2019-2862-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a buffer overflow vulnerability.
f05fccbe189859365ff54303740a7020
Debian Linux Security Advisory 4529-1 - Multiple security issues were found in PHP, a widely-used open source extension and the iconv_mime_decode_headers() function could result in information disclosure or denial of service.
f583acc45bad01ccf4ef3aeecb05cc02
Debian Linux Security Advisory 4530-1 - It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed.
46605aaeb0520732e87ed7642f827b3d
HPE Intelligent Management Center versions prior to 7.3 E0506P09 suffer from an information disclosure vulnerability.
cd1a82ef494a2ecbe81e52a05a81473c
Gila CMS versions prior to 1.11.1 suffer from a local file inclusion vulnerability.
ce5dec0eb4e015a8c838b87741efe71c