Debian Linux Security Advisory 4406-1 - Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information disclosure.
Ubuntu Security Notice 3908-1 - Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations.
Ubuntu Security Notice 3902-2 - USN-3902-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the PHP XML-RPC module incorrectly handled decoding XML data. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 3907-1 - It was discovered that WALinuxAgent created swap files with incorrect permissions. A local attacker could possibly use this issue to obtain sensitive information from the swap file.
Debian Linux Security Advisory 4407-1 - Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling.
Red Hat Security Advisory 2019-0487-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2019-0525-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a use-after-free vulnerability.
This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not validated, allowing shell metacharacters. When performing image operations on JPEG files, the filename is passed to the exiftran utility without appropriate sanitization, causing shell commands in the file name to be executed, resulting in remote command injection as the web server user. The PHP connector is not enabled by default. The system must have exiftran installed and in the PATH. This module has been tested successfully on elFinder versions 2.1.47, 2.1.20, and 2.1.16 on Ubuntu.
Ubuntu Security Notice 3906-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
robinbhandari FTP suffers from a denial of service vulnerability.
PilusCart version 1.4.1 suffers from a cross-site request forgery vulnerability.
Core FTP version 2.0 build 653 suffers from a PBSZ command denial of service vulnerability.