Ubuntu Security Notice 4162-1 - It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
766eafebbf6fe9684e9d928dab508e66e29f9dd506c5d9b1141a9c677708de5f
Ubuntu Security Notice 4157-2 - USN-4157-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
98e81da43ab7657c0515f3a777eb64a810ffffaa72274cb03f12408a3c619c36
42 bytes small Linux/x86 execve(/bin/sh) socket reuse shellcode.
06940cd962d0fb34cda215179e7f8392804cd9243f8253e5bd126a6f374b2d79
This Metasploit module exploits a vulnerability in Total.js CMS. The issue is that a user with admin permission can embed a malicious JavaScript payload in a widget, which is evaluated server side, and gain remote code execution.
994055352fee2d951e405c99aeadd99178b2c65c81e77f2f5498366d48a48c14
Ubuntu Security Notice 4160-1 - It was discovered that UW IMAP incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
f9b592cd57c66a41cc2572df5f2ffeecfd664269e7de497697149a9115f866a9
Ubuntu Security Notice 4161-1 - It was discovered that the IPv6 routing implementation in the Linux kernel contained a reference counting error leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
7f05d7a2372c61a56be48149f14923a9ec6644cf190738c69eb8ef764a49a3cf
Debian Linux Security Advisory 4548-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in cross-site scripting, denial of service, information disclosure or Kerberos user impersonation.
b8bcde877f6272bcd32a05a018a9cdc9bc6dcdb15213d3642b3e1c40a0a17efb
Debian Linux Security Advisory 4547-1 - Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code.
8eca2c70ce1a22814627f3af89215e63d98f8014fab472c71fd77b3a35eeeab9
Debian Linux Security Advisory 4546-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in cross-site scripting, denial of service, information disclosure or Kerberos user impersonation.
352af449337abb2eb16df71059490cdac5644dd446be50a1aa162a6f50f5bb77
Red Hat Security Advisory 2019-3157-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include deserialization and null pointer vulnerabilities.
580ca48ccbfadcc5ae46aa7626a2e1e35aa149c3a88c47c63b7636aaf7712e2b
Debian Linux Security Advisory 4545-1 - It was discovered that the Special:Redirect functionality of MediaWiki, a website engine for collaborative work, could expose suppressed user names, resulting in an information leak.
b4ba914edfd14bd7587407b445b8b32238ef64f5ea3238b74b3606e22f0d77db
Slackware Security Advisory - New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
6e16f3aa88276b6f120411e834953cbd8b1d1e3547deb2d4e80297d7c49b6eb3
Ubuntu Security Notice 4159-1 - It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
d58fa7442982f864e3c110e92b8302aef180b78860e19a04d1b1e38dea5b5cc9
Ubuntu Security Notice 4155-2 - USN-4155-1 fixed a vulnerability in Aspell. This update provides the corresponding update for Ubuntu 19.10. It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information.
fe185c7a18f8648750c42f0589dba893c4342e42b79d3e3665bd95c51639b493
Red Hat Security Advisory 2019-3158-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include deserialization and null pointer vulnerabilities.
626e0c8ce1feb4d26f15b7e661d30b9fafd9f8a87bf7af2dbb288cb1b0b91e54
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below suffer from a remote code execution vulnerability.
038bb3d0ceff9e12031ec2a31746a5ecf155f068a1c05d9fed3e640cb91241c8
WinRAR version 5.80 suffers from a memory corruption vulnerability that allows for denial of service.
52f90a62ce54f13ae494dd6c27b1f01a8cd0a44815f923600fd7c2e20af925b3
The NASA Online Directives Information System suffers from a cross site scripting vulnerability that can be leveraged via the User-Agent header. The researcher has notified NASA and has not received a response.
d0a0449c42ab23e74a3dcd9aa3ce275ada8abcc4d4e97886c32874bc2606f1f4
Red Hat Security Advisory 2019-3149-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains an update for jackson-databind in the logging-elasticsearch5 container image for Red Hat OpenShift Container Platform 3.11.153. Issues addressed include code execution, denial of service, and deserialization vulnerabilities.
5b5749c71d52c3690eb137ec23b207f4283a94baacb4c994ead4402f6eddba76
A remotely exploitable vulnerability exists in the 2.3.23-119-GA version of Sangoma SBC that would allow an unauthenticated user to bypass authentication and log in as a non-existent user, but with complete access to the dashboard, including additional privileged user creation capabilities.
c1a3913d4d49d918d2edfe442e39cf4c9f77f13de1fcfde2bc856b1c6f69200d
A remotely exploitable vulnerability exists in the 2.3.23-119-GA version of Sangoma SBC that would allow an unauthenticated user to create a privileged user on the system using the web application login interface.
7e1eb8784b9d8c0dcef3b52b414558e0863dd0159c0dddd2ff205e7efaa513f9
WiKID Systems 2FA Enterprise Server version 4.2.0-b2032 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
16f7edc4af940d18ad1ea3af320f681ee3a9432185f93f6bbc0ce222543bcacf
Red Hat Security Advisory 2019-3144-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by CRON. This advisory contains the updated jenkins RPM package for Red Hat OpenShift Container Platform 3.11. Issues addressed include a cross site request forgery vulnerability.
3884936d40d62626ae2afd0fd378d13ff22c620e26e53620b6b1411cd943ba22
Red Hat Security Advisory 2019-3143-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the atomic-openshift RPM package for Red Hat OpenShift Container Platform 3.11.153.
07edec415d78727f721458f0f3be8b5612ba23b317cd11412bd0a3cf2a02fd99
Red Hat Security Advisory 2019-3142-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains an updated mediawiki RPM package for Red Hat OpenShift Container Platform 3.11. Issues addressed include a bypass vulnerability.
e5e031b07640213b46f65b0f99cb1a6d22ed61d12b0afcd8993027a51e1b032c