The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause a use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution.
1aecbe52ce929c3de3a4cf90e7b8a03dc74a2a1edd4797fbc7bf61bee611bb3cRed Hat Security Advisory 2019-2818-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
eaa2bb7009ff0ab3fd22900ac501cd5240d2dc14ed1df1b19dd2cddd80a22e71Ubuntu Security Notice 4137-1 - It was discovered that Mosquitto incorrectly handled certain specially crafted input and network packets. A remote attacker could use this to cause a denial of service.
5250bcb1182c1d0d33e030bdfda7fd67002a5b72a774c61452d8e1ded0b73155Piwigo versions 2.9.5 and below suffer from cross site scripting, command execution, and remote SQL injection vulnerabilities.
b600b5958b0ee6dee3f9d65b7bdd5d3dfc7b58658165a1ff9a81bb89f53f20c0XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
478be92d5c9e1ba6b94ccdffa1be0df350845ddd37a99028c4a0e492b56ce00ePeter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS.
2ae10bdb1c9632e027b75b76ad2d6e3b299967f41342245c237b87d05be2b799Ubuntu Security Notice 4134-2 - USN-4134-1 fixed a vulnerability in IBus. The security fix introduced a regression when being used with Qt applications. This update reverts the security fix pending further investigation. Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user. Various other issues were also addressed.
fa395c3d7ab0a2256ae4828f24328bb7eb5fb2463a264c6fe9af184650ef53e6Red Hat Security Advisory 2019-2867-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
343fdcfb34bd36f32d506bd5fcb98fa94281b6239b89c4fb2587ac4197246b32Red Hat Security Advisory 2019-2869-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
8634149dd9a7b7c9ad1519a123ab762b1a8bfcaef2043b3b61b267f6f4cc7eafRed Hat Security Advisory 2019-2868-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Issues addressed include a bypass vulnerability.
dea2e8d4ae59d3978ba5d2188a666212eddea2eb7a10021a8e4a5828e0e27c63Red Hat Security Advisory 2019-2870-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Issues addressed include a bypass vulnerability.
e9ea25d685363eeff9cbc7ec5c87c05a00dd211614e0796fef800c3c49b86184Red Hat Security Advisory 2019-2864-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
9c7e9c01f4fcf7c8c0f670b7cc0101ade0f73202de2050a085bb20d19a25525cRed Hat Security Advisory 2019-2866-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
96342d9ea7ec9697d824aeb62df7540fa5da382921d3c2aba9909b0247a35b06Red Hat Security Advisory 2019-2865-01 - This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. Issues addressed include a buffer overflow vulnerability.
1622d04a6345fd45798a8cfd130ab3b855a18bc7e0997986b33418f0cca88ec9Red Hat Security Advisory 2019-2863-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
167f7657d299a8075717ac734c05c931ae269f68ab825f3e15e2392164d36225Red Hat Security Advisory 2019-2862-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a buffer overflow vulnerability.
83d9f2e9d8856e1cb9622f2b8aba3c51056bd7630f89cfbea90f941d12799be0Debian Linux Security Advisory 4529-1 - Multiple security issues were found in PHP, a widely-used open source extension and the iconv_mime_decode_headers() function could result in information disclosure or denial of service.
92f9d6246c177743c60e4da81d278ce18966b0847c80bc6c0e8b792628677a74Debian Linux Security Advisory 4530-1 - It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed.
9cee2c8942bc273319fe7a37df2b71158ae6eace203f2937cc0905f3d5645df1HPE Intelligent Management Center versions prior to 7.3 E0506P09 suffer from an information disclosure vulnerability.
65fc0f774a58acc28508f97e744edccbab854d94e701fd276f5e07b5f0cc72f9Gila CMS versions prior to 1.11.1 suffer from a local file inclusion vulnerability.
22e0a1101068baf0503e80cd1e0d344ee677b4dc56a7fc0a9b7662fcb933b1d2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed