The Siemens R3964 line discipline code in drivers/tty/n_r3964.c has a few races around its ioctl handler; for example, the handler for R3964_ENABLE_SIGNALS just allocates and deletes elements in a linked list with zero locking. This code is reachable by an unprivileged user if the line discipline is enabled in the kernel config; Ubuntu 18.04, for example, ships this line discipline as a module.
a396888582339ffe59796c61b8e3097b97ece3e13bcd1b03ad7f6bb0490ef36d74CMS version 5.0.1 suffers from a cross site request forgery vulnerability.
d7d9985001bc42cdc8a3336f061bc250f176b78c5f903ea85e19b6b6d7162312Red Hat Security Advisory 2019-0857-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements.
0ca7fc023124bc1f0da469e121be746b038c42793c79e53b6ee17612555d18aeLinux suffers from a page->_refcount overflow via FUSE with ~140GiB RAM usage.
8f223059c2e0c5c532eddc4777ac58f752854b9d67abeac1f06d8d9bf6855b94This Metasploit module exploits SQL injection and command injection vulnerability in the ManageEngine AM versions 14 and below.
bb5aa065425ceff2e56e199ea57ee45786a565ab2e6b71aad1d4ada0423d0544Red Hat Security Advisory 2019-0856-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements.
2fe0221c5abd3000f802c46f9ec6b9c2bfecefe50b4dc70bf3ad843e75f7602eRoss Video DashBoard version 8.5.1 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) for 'Authenticated Users' group.
4642022f2584ccb3cf7355909cc01e3b85b90ed0cbd2248a18aa61b52cac1adaRed Hat Security Advisory 2019-0809-01 - OVMF is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a buffer overflow vulnerability.
772394788dead1c22f294f6055835f8bd5f1fde49aae997b2c8e0d9e58372018Ubuntu Security Notice 3922-2 - USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
9d3b8cd2d40a04c95f35a442f0571f69758a09f6914d994f262f6028e1f5726dRed Hat Security Advisory 2019-0818-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
427f88a5bf4bb111b281c387156542e436bd1b24b32e98bcda295d272e82b805Red Hat Security Advisory 2019-0831-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include bypass, denial of service, null pointer, and use-after-free vulnerabilities.
56ec339fc2da9ed44f9d103367a73097824980f319bfbd006adc8ae2256618d5Ubuntu Security Notice 3952-1 - Jan Pokorný discovered that Pacemaker incorrectly handled client-server authentication. A local attacker could possibly use this issue to escalate privileges. Jan Pokorný discovered that Pacemaker incorrectly handled certain verifications. A local attacker could possibly use this issue to cause a denial of service. Jan Pokorný discovered that Pacemaker incorrectly handled certain memory operations. A local attacker could possibly use this issue to obtain sensitive information in log outputs. This issue only applied to Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. Various other issues were also addressed.
ca81c7a9b99bb4639dea8d68f5f1b16b211d71222ecf68f6edb2f2d54027fbc1Ubuntu Security Notice 3953-1 - It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
44836f2532fd5a24f1a39c489bf361912adf4e8801f77594c87f73c02f8ac3c9Ubuntu Security Notice 3951-1 - It was discovered that the Dovecot JSON encoder incorrectly handled certain invalid UTF-8 characters. A remote attacker could possibly use this issue to cause Dovecot to repeatedly crash, resulting in a denial of service.
8b916334ad90f0489013c56012c02e1b53e5df958f92b7cc2cbe32119ee19c04Red Hat Security Advisory 2019-0833-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
e14d7ebf1d627363be450e397294ed00af591dd9d8bcfa0a76501e348e42ddb2Red Hat Security Advisory 2019-0832-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.
ef2cb7fdf777aebe2200db16bd613188acc9f2418c1afa6e9bd5772d57d56bcbRed Hat Security Advisory 2019-0806-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.
c206cf8145dc34a49b0f9e9293e5708f88a26c24e86c4b4557f50b051cc04259Red Hat Security Advisory 2019-0796-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include database disclosure, denial of service, and traversal vulnerabilities.
7b0abf23eaef6dbaecd5d1d1ec306c91e866820b9b88b17aa29456046bde3439UliCMS versions 2019.2 and 2019.1 suffers from multiple cross site scripting vulnerabilities.
57f35f707cae3c622dd55e1b762a6c7f638aab5b4bc343b8d0a76361f29450acsystemd suffers from a lack of seat verification in the PAM module and in turn permits the spoofing of an active session to polkit.
efa1f343df5f4bc0df38f6d33e7cbd58c47f076df86f9ef3d5559612c36b0a32100 bytes small Linux/ARM password protected reverse TCP shell shellcode.
9bf33e374e12b637159df9dbbfaec579d102f5a7e90543859ae1a4ac76542fc5Msvod version 10 suffers from a cross site request forgery vulnerability.
56e5a768b895efafc56b727ea919623669d0434f3064494301dd1a65dba66716
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed