The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause a use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution.
1aecbe52ce929c3de3a4cf90e7b8a03dc74a2a1edd4797fbc7bf61bee611bb3c
Red Hat Security Advisory 2019-2818-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
eaa2bb7009ff0ab3fd22900ac501cd5240d2dc14ed1df1b19dd2cddd80a22e71
Ubuntu Security Notice 4137-1 - It was discovered that Mosquitto incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service.
5250bcb1182c1d0d33e030bdfda7fd67002a5b72a774c61452d8e1ded0b73155
Piwigo versions 2.9.5 and below suffer from cross site scripting, command execution, and remote SQL injection vulnerabilities.
b600b5958b0ee6dee3f9d65b7bdd5d3dfc7b58658165a1ff9a81bb89f53f20c0
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
478be92d5c9e1ba6b94ccdffa1be0df350845ddd37a99028c4a0e492b56ce00e
Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS.
2ae10bdb1c9632e027b75b76ad2d6e3b299967f41342245c237b87d05be2b799
Ubuntu Security Notice 4134-2 - USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Various other issues were also addressed.
fa395c3d7ab0a2256ae4828f24328bb7eb5fb2463a264c6fe9af184650ef53e6
Red Hat Security Advisory 2019-2867-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
343fdcfb34bd36f32d506bd5fcb98fa94281b6239b89c4fb2587ac4197246b32
Red Hat Security Advisory 2019-2869-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
8634149dd9a7b7c9ad1519a123ab762b1a8bfcaef2043b3b61b267f6f4cc7eaf
Red Hat Security Advisory 2019-2868-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Issues addressed include a bypass vulnerability.
dea2e8d4ae59d3978ba5d2188a666212eddea2eb7a10021a8e4a5828e0e27c63
Red Hat Security Advisory 2019-2870-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Issues addressed include a bypass vulnerability.
e9ea25d685363eeff9cbc7ec5c87c05a00dd211614e0796fef800c3c49b86184
Red Hat Security Advisory 2019-2864-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
9c7e9c01f4fcf7c8c0f670b7cc0101ade0f73202de2050a085bb20d19a25525c
Red Hat Security Advisory 2019-2866-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
96342d9ea7ec9697d824aeb62df7540fa5da382921d3c2aba9909b0247a35b06
Red Hat Security Advisory 2019-2865-01 - This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. Issues addressed include a buffer overflow vulnerability.
1622d04a6345fd45798a8cfd130ab3b855a18bc7e0997986b33418f0cca88ec9
Red Hat Security Advisory 2019-2863-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
167f7657d299a8075717ac734c05c931ae269f68ab825f3e15e2392164d36225
Red Hat Security Advisory 2019-2862-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a buffer overflow vulnerability.
83d9f2e9d8856e1cb9622f2b8aba3c51056bd7630f89cfbea90f941d12799be0
Debian Linux Security Advisory 4529-1 - Multiple security issues were found in PHP, a widely-used open source extension and the iconv_mime_decode_headers() function could result in information disclosure or denial of service.
92f9d6246c177743c60e4da81d278ce18966b0847c80bc6c0e8b792628677a74
Debian Linux Security Advisory 4530-1 - It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed.
9cee2c8942bc273319fe7a37df2b71158ae6eace203f2937cc0905f3d5645df1
HPE Intelligent Management Center versions prior to 7.3 E0506P09 suffer from an information disclosure vulnerability.
65fc0f774a58acc28508f97e744edccbab854d94e701fd276f5e07b5f0cc72f9
Gila CMS versions prior to 1.11.1 suffer from a local file inclusion vulnerability.
22e0a1101068baf0503e80cd1e0d344ee677b4dc56a7fc0a9b7662fcb933b1d2