iOS and macOS suffer from an if_ports_used_update_wakeuuid() 16-byte uninitialized kernel stack disclosure vulnerability.
bdfda9bc65d52d6ed0d3984c8d4faf09c2f19226fdea8d12eea56e1cf1534dd7PDF Signer version 3.0 suffers from a server-side template injection vulnerability that can help lead to remote command execution due to improper cookie handling and cross site request forgery issues.
48355218009f7f221d0640359c0a8692f90c981c4c7fa330a4cb1f8d083ab816Red Hat Security Advisory 2019-0194-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a crash related vulnerability.
ae67071105aaf1bdf88ec44bdc6f486f301f9d17ccf4669bb01648d3e0b0d157Red Hat Security Advisory 2019-0188-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
95543b404311a724e4d4ae3a28dbef2e0c45febdf31c925aa85f1e48fa304eadRed Hat Security Advisory 2019-0163-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.
67bea05cdf56e6c44d7f698e4059a01ff4fe8c273c037c1f15ba734adc98234fRed Hat Security Advisory 2019-0201-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include a memory leak vulnerability.
850add0778d93ddf380dd47cb0d948b7e9aaf8c2a1e05dd1f3eb6693c18ff086Red Hat Security Advisory 2019-0204-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include a stack overflow vulnerability.
6fcd5d14a723cf02465650b3333098f9f2c57140c8be2ebe89550de8bb349677Red Hat Security Advisory 2019-0202-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
e466d9e8d46a7fbdf7a04ff70339a8429fecbdce61463fd8ca56e052605ddbd5MiniUPnPd versions 2.1 and below suffer from an out-of-bounds read vulnerability.
2aaa71d09817976536dfc7a03db1bc67d6ef7fb15b152cb8ac3c8251862a3b0784 bytes small Linux/ARM TCP bindshell shellcode that binds to port 4321.
6675c4fdce11ca644750bc1ad1b0f09cb68100fc6b8fa9a65cf89532da05f2c058 bytes small Linux/x86 read /etc/passwd shellcode.
075f10569d00f66af6a0529e3d650b0e1f373f2b2b3ec572044eed21b422eb9229 bytes small Linux/x86 execve(/bin/sh) + RShift-1 encoded shellcode.
509a7b73748516eb1e0fa3477a3f424f87f30464e13f64f0d3cb817ecff4ecd8Nessus version 8.2.1 suffers from a persistent cross site scripting vulnerability.
870c026477c2c7e4f6eeb5fd5ac66be8cb2a5d20c5665183930084532b94c6eaUbuntu Security Notice 3872-1 - It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information. Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use. A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. Various other issues were also addressed.
4db2756d9eb8ba255e08ce015e2fad82f619501758cfcb7947e8a9d0b67adbceUbuntu Security Notice 3871-1 - Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
610a75c7ac7a32b12e02eece3933f2d902097e03a13e3d1b9fd535c83c4f3455HTML Video Player version 1.2.5 suffers from a local buffer overflow vulnerability.
5da13ce830ebd2299eb1a2322857e6fef1523e8861bf45742d5a162d465b4d0664 bytes small Linux/ARM reverse TCP (192.168.1.124:4321) shell (/bin/sh) shellcode.
73c3d7113860971adf57a6d814ed49aa6aaa51053acefa7ce2c6063b4e50e509OPNsense version 18.7 suffers from a cross site scripting vulnerability.
a44846135186b09169adec2a92c9bda73a4e408921351467bd043fb1372c246fUbuntu Security Notice 3870-1 - Christophe Fergeau discovered that Spice incorrectly handled memory. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.
75b3b84236b60b3458a63a5f717cbd80617cbb119d28df06110534f0ab7a42d0CMSsite version 1.0 suffers from a search functionality-related remote SQL injection vulnerability.
d63bf97dc4889758596cc313f29341919e5ac73cdfef163ee35eabb622775b76Easy Video to iPod Converter version 1.6.20 SEH buffer overflow exploit.
bad439b9588ff44e61f05342f15c5336ad7111ba886aba47b73485a13ce0c09fSricam gSOAP version 2.8 suffers from a denial of service vulnerability.
88977b9cf91572dd8c34d407e04440baa41b34f0cb08737f22c863b37cc2292c53 bytes small Linux/x86 execve() shellcode that runs bc (terminal calculator).
a52a21780a286e00252a03c928310b2f2177bd2819099427c7f1d5e55e46f4a1pfSense version 2.4.4-p1 suffers from a cross site scripting vulnerability.
e840dc0c5f419e9412d643710140fb69fd328344354d76357ec9c8805ba23e10Cisco RV300 and RV320 suffer from an information disclosure vulnerability.
f64b5564266a9a3f68710710054b391969d788fb5b5f9320aaa4b6b9e833b265
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed