Ubuntu Security Notice 3954-1 - It was discovered that FreeRADIUS incorrectly handled certain inputs. An attacker could possibly use this issue to bypass authentication.
1eb13bc35a756c03e3145507d6d0d7a516996bc6cf6f7b5a26bd2720ffa03b66200 bytes small Linux/x86 rabbit shellcode crypter.
fb37ba82e4027cf10d73e32e412a4e7e6aa23a6579a76d4bce9a870c287d9323In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. This module will attempt to extract a payload to the startup folder of the current user. It is limited such that we can only go back one folder. Therefore, for this exploit to work properly, the user must extract the supplied RAR file from one folder within the user profile folder (e.g. Desktop or Downloads). User restart is required to gain a shell.
195eaa1e914aee3e46e371994c1ebf7f8bc0d0140c077d3ce83d37137bc89326The hardened VirtualBox process on a Windows host does not secure its COM interface leading to arbitrary code injection and elevation of privilege.
e46258bb33069de1c03e75f59d382519239af32450b9b51519f9c219934851b9Confluence Server and Confluence Data Center suffer from a path traversal vulnerability in the downloadallattachments resource. Versions affected include 6.6.0 up to 6.6.13, 6.7.0 up to 6.12.4, 6.13.0 up to 6.13.4, 6.14.0 up to 6.14.3, and 6.15.0 up to 6.15.2.
54a6bf44997071eacfb8aca90470a91c600400151badba57559e2a382f7bcf17Ubuntu Security Notice 3936-2 - USN-3936-1 fixed a vulnerability in AdvanceCOMP. This update provides the corresponding update for Ubuntu 19.04. It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
1cb95bb14e2ae5da83921b83e00a2b435a18221c8d5f817232ec256867b3d9b4Red Hat Security Advisory 2019-0868-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
499f331beaf6d05c7febcd24be4e987b27ce2daffebe7e4197bbb2d838627df9Sony Smart TVs suffer from information disclosure and arbitrary file read vulnerabilities.
d68b3619b388bc1c440a10297af3b259d4738d11fbef02fa70fdad3cbbd836bftestssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
b236094a5360883bc8b1bb283c8a2c6f75230ca42e88bc04f0ab65074cd21e8aThe Siemens R3964 line discipline code in drivers/tty/n_r3964.c has a few races around its ioctl handler; for example, the handler for R3964_ENABLE_SIGNALS just allocates and deletes elements in a linked list with zero locking. This code is reachable by an unprivileged user if the line discipline is enabled in the kernel config; Ubuntu 18.04, for example, ships this line discipline as a module.
a396888582339ffe59796c61b8e3097b97ece3e13bcd1b03ad7f6bb0490ef36d74CMS version 5.0.1 suffers from a cross site request forgery vulnerability.
d7d9985001bc42cdc8a3336f061bc250f176b78c5f903ea85e19b6b6d7162312Red Hat Security Advisory 2019-0857-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements.
0ca7fc023124bc1f0da469e121be746b038c42793c79e53b6ee17612555d18aeLinux suffers from a page->_refcount overflow via FUSE with ~140GiB RAM usage.
8f223059c2e0c5c532eddc4777ac58f752854b9d67abeac1f06d8d9bf6855b94This Metasploit module exploits SQL injection and command injection vulnerability in the ManageEngine AM versions 14 and below.
bb5aa065425ceff2e56e199ea57ee45786a565ab2e6b71aad1d4ada0423d0544Red Hat Security Advisory 2019-0856-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements.
2fe0221c5abd3000f802c46f9ec6b9c2bfecefe50b4dc70bf3ad843e75f7602eRoss Video DashBoard version 8.5.1 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) for 'Authenticated Users' group.
4642022f2584ccb3cf7355909cc01e3b85b90ed0cbd2248a18aa61b52cac1adaRed Hat Security Advisory 2019-0809-01 - OVMF is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a buffer overflow vulnerability.
772394788dead1c22f294f6055835f8bd5f1fde49aae997b2c8e0d9e58372018Ubuntu Security Notice 3922-2 - USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
9d3b8cd2d40a04c95f35a442f0571f69758a09f6914d994f262f6028e1f5726dRed Hat Security Advisory 2019-0818-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
427f88a5bf4bb111b281c387156542e436bd1b24b32e98bcda295d272e82b805Red Hat Security Advisory 2019-0831-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include bypass, denial of service, null pointer, and use-after-free vulnerabilities.
56ec339fc2da9ed44f9d103367a73097824980f319bfbd006adc8ae2256618d5Ubuntu Security Notice 3952-1 - Jan Pokorný discovered that Pacemaker incorrectly handled client-server authentication. A local attacker could possibly use this issue to escalate privileges. Jan Pokorný discovered that Pacemaker incorrectly handled certain verifications. A local attacker could possibly use this issue to cause a denial of service. Jan Pokorný discovered that Pacemaker incorrectly handled certain memory operations. A local attacker could possibly use this issue to obtain sensitive information in log outputs. This issue only applied to Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. Various other issues were also addressed.
ca81c7a9b99bb4639dea8d68f5f1b16b211d71222ecf68f6edb2f2d54027fbc1Ubuntu Security Notice 3953-1 - It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
44836f2532fd5a24f1a39c489bf361912adf4e8801f77594c87f73c02f8ac3c9Ubuntu Security Notice 3951-1 - It was discovered that the Dovecot JSON encoder incorrectly handled certain invalid UTF-8 characters. A remote attacker could possibly use this issue to cause Dovecot to repeatedly crash, resulting in a denial of service.
8b916334ad90f0489013c56012c02e1b53e5df958f92b7cc2cbe32119ee19c04Red Hat Security Advisory 2019-0833-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
e14d7ebf1d627363be450e397294ed00af591dd9d8bcfa0a76501e348e42ddb2Red Hat Security Advisory 2019-0832-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.
ef2cb7fdf777aebe2200db16bd613188acc9f2418c1afa6e9bd5772d57d56bcb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed