Red Hat Security Advisory 2019-1483-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2019-1482-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2019-1481-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2019-1488-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2019-1479-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service and null pointer vulnerabilities.
Debian Linux Security Advisory 4464-1 - Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read.
Ubuntu Security Notice 3991-3 - USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. Various other issues were also addressed.
Exim versions 4.87 through 4.91 suffer from a local privilege escalation vulnerability.
Red Hat Security Advisory 2019-1492-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A connection rate limiting control vulnerability has been addressed.
Netperf version 2.6.0 suffers from a stack-based buffer overflow.
Red Hat Security Advisory 2019-1477-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 75.0.3770.80. Issues addressed include buffer overflow and bypass vulnerabilities.
This Metasploit module exploits a command execution vulnerability in AROX School-ERP. "import_stud.php" and "upload_fille.php" do not have session control. The session start/check functions on lines 8, 9, and 10 are disabled with slashes. Therefore, an unauthenticated user can execute commands on the system.
Red Hat Security Advisory 2019-1476-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.207. Issues addressed include a code execution vulnerability.
The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition, this can potentially be leveraged for post-exploit persistence with SYSTEM privileges if physical access or malware is involved. If a physical attacker or malware can set its own program in the service failure recovery options, it can be used to maintain persistence. Afterwards, it can be triggered by sending a malicious request to DoS the service, which in turn can start the attacker's recovery program. The attacker's program can then try restarting the affected service, to try and stay unnoticed, by calling "sc start HCServerService". The service failure-flag recovery option for "enabling actions for stops or errors" can be set in the service's "Recovery" properties tab or on the command line. Authentication is not required to reach the vulnerable service. This was tested successfully on Windows 7/10.
When a Microsoft Word ".docx" file contains a hyperlink to another file, it will run the first file it finds in that directory with a valid extension, but will present to the end user an extension-less file in its security warning dialog box without showing the extension type. This occurs if another "empty" file with the same name as the target executable exists but has no file extension. Because the extension is suppressed, the file seems harmless and can be masked to appear as just a folder, etc. This can potentially trick a user into running unexpected code, but will only work when there is an additional file of the same name with NO extension on it.
Debian Linux Security Advisory 4463-1 - Two vulnerabilities were discovered in the ZNC IRC bouncer which could result in remote code execution (CVE-2019-12816) or denial of service via invalid encoding (CVE-2019-9917).
Spring Security OAuth versions 2.3 prior to 2.3.6 suffer from open redirection vulnerabilities.
This script is a proof of concept to bypass the Microsoft Windows User Access Control (UAC) via SluiFileHandlerHijackLPE.