Chrome suffers from an integer overflow vulnerability in NewFixedDoubleArray.
fee96039860fbbb8b9bf0114df077f357a98c9c049396724d0575314295ee4e5
Red Hat Security Advisory 2019-0877-01 - Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Thorntail 2.4.0 serves as a replacement for RHOAR Thorntail 2.2.0, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.
5a770a9e44f952c4dbd8ebcd0a5a7da0c0737d9f710ca712c6c037e86137438f
Ubuntu Security Notice 3954-1 - It was discovered that FreeRADIUS incorrectly handled certain inputs. An attacker could possibly use this issue to bypass authentication.
1eb13bc35a756c03e3145507d6d0d7a516996bc6cf6f7b5a26bd2720ffa03b66
A small, 200-byte Linux/x86 rabbit shellcode crypter.
fb37ba82e4027cf10d73e32e412a4e7e6aa23a6579a76d4bce9a870c287d9323
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. This module will attempt to extract a payload to the startup folder of the current user. It is limited such that we can only go back one folder. Therefore, for this exploit to work properly, the user must extract the supplied RAR file from one folder within the user profile folder (e.g. Desktop or Downloads). User restart is required to gain a shell.
195eaa1e914aee3e46e371994c1ebf7f8bc0d0140c077d3ce83d37137bc89326
The hardened VirtualBox process on a Windows host does not secure its COM interface, leading to arbitrary code injection and elevation of privilege.
e46258bb33069de1c03e75f59d382519239af32450b9b51519f9c219934851b9
Confluence Server and Confluence Data Center suffer from a path traversal vulnerability in the downloadallattachments resource. Versions affected include 6.6.0 up to 6.6.13, 6.7.0 up to 6.12.4, 6.13.0 up to 6.13.4, 6.14.0 up to 6.14.3, and 6.15.0 up to 6.15.2.
54a6bf44997071eacfb8aca90470a91c600400151badba57559e2a382f7bcf17
Ubuntu Security Notice 3936-2 - USN-3936-1 fixed a vulnerability in AdvanceCOMP. This update provides the corresponding update for Ubuntu 19.04. It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
1cb95bb14e2ae5da83921b83e00a2b435a18221c8d5f817232ec256867b3d9b4
Red Hat Security Advisory 2019-0868-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
499f331beaf6d05c7febcd24be4e987b27ce2daffebe7e4197bbb2d838627df9
Sony Smart TVs suffer from information disclosure and arbitrary file read vulnerabilities.
d68b3619b388bc1c440a10297af3b259d4738d11fbef02fa70fdad3cbbd836bf
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
b236094a5360883bc8b1bb283c8a2c6f75230ca42e88bc04f0ab65074cd21e8a