Ubuntu Security Notice 3906-2 - USN-3906-1 and USN-3864-1 fixed several vulnerabilities in LibTIFF. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
7ddec11ab6449a1a2d7431b7963ef951dea0238b9574957b3cd9a4d98bfeb956
Red Hat Security Advisory 2019-0597-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. An issue where extra SSH keys were added to the instance has been addressed.
758d404a2e4ff416730200eefbbc3f12f060721049d92d2fa27227fe15f52b81
exacqVision version 9.8 suffers from an unquoted search path issue impacting the services exacqVisionServer, dvrdhcpserver and mdnsresponder for Windows, deployed as part of the exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to place their code in the system root path (or another directory along the unquoted path), undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the service.
90fe60960c62610bc8f59ff9c98b09fff0ca457f52c59094a1c6dbea2a406159
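The unquoted-path problem above comes from how Windows parses a service's ImagePath: when the path is not quoted and contains spaces, CreateProcess tries each space-delimited prefix in turn (appending .exe when there is no extension) before reaching the real executable, so a user who can write to any directory along that path can plant a binary that runs as the service. The script below is an added example, not part of the advisory or of exacqVision; the service entries and the writable directory are constructed sample data, and the helper names are my own.

```python
"""Enumerate the executables Windows would probe for an unquoted service
ImagePath and report which of them a low-privileged user could create.

Added illustration; the SAMPLE_SERVICES entries and the writable-directory
list below are constructed, not real exacqVision paths. On a live host the
ImagePath values come from `sc qc <service>` or the Win32_Service WMI class.
"""
import ntpath
from typing import Dict, List


def candidate_paths(image_path: str) -> List[str]:
    """Return the executables CreateProcess would try, in order.

    For an unquoted `C:\\Program Files\\Vendor App\\svc.exe -arg` Windows
    tries `C:\\Program.exe`, `C:\\Program Files\\Vendor.exe` and finally the
    real binary. A quoted ImagePath yields only the quoted executable.
    """
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return [s[1:end]] if end > 0 else []
    parts = s.split(" ")
    candidates = []
    for i in range(1, len(parts) + 1):
        prefix = " ".join(parts[:i])
        # No extension on the last component: CreateProcess appends .exe.
        if ntpath.splitext(prefix)[1] == "":
            candidates.append(prefix + ".exe")
            continue
        candidates.append(prefix)
        break  # reached the real executable; the rest are arguments
    return candidates


def is_unquoted_vulnerable(image_path: str) -> bool:
    """True when more than one location would be probed before the binary."""
    return len(candidate_paths(image_path)) > 1


def _norm(path: str) -> str:
    return ntpath.normcase(path).rstrip("\\")


def plant_points(image_path: str, writable_dirs: List[str]) -> List[str]:
    """Candidate executables whose parent directory the user can write to.

    The real binary itself is excluded: replacing it is a plain file-
    permission issue, not the unquoted-path issue.
    """
    writable = {_norm(d) for d in writable_dirs}
    probes = candidate_paths(image_path)[:-1]
    return [p for p in probes if _norm(ntpath.dirname(p)) in writable]


def audit_services(services, writable_dirs: List[str]) -> Dict[str, List[str]]:
    """Map service name -> plantable paths, for services that have any."""
    findings = {}
    for name, image_path in services:
        points = plant_points(image_path, writable_dirs)
        if points:
            findings[name] = points
    return findings


# Constructed sample data (not real exacqVision service definitions).
SAMPLE_SERVICES = [
    ("svcUnquoted", r"C:\Program Files\Example Vendor\App\svc.exe -service"),
    ("svcQuoted", r'"C:\Program Files\Example Vendor\App\svc.exe" -service'),
    ("svcNoSpace", r"C:\Windows\System32\svchost.exe -k netsvcs"),
]

# Assume, for the illustration, that an ACL mistake made this directory
# writable by the low-privileged user.
WRITABLE_DIRS = [r"C:\Program Files"]

if __name__ == "__main__":
    for name, path in SAMPLE_SERVICES:
        print(name, "unquoted+spaces:", is_unquoted_vulnerable(path))
        for c in candidate_paths(path):
            print("   probes", c)
    print("plantable:", audit_services(SAMPLE_SERVICES, WRITABLE_DIRS))
```

On a real host, feed the script the PathName column from `Get-CimInstance Win32_Service | Select-Object Name, PathName` (or the BINARY_PATH_NAME line of `sc qc <name>`) and build the writable-directory list from `icacls` output for each parent directory the function reports; the fix on the vendor side is simply to quote the ImagePath in the service registration.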
This is a short write-up on binary planting along with a few old-school 0-days which may still be helpful for pentesters willing to escalate privileges on Windows.
bad382035c6cc3d06a9a292da8b5ee06b5df8bb89476e892ad959c45c53b1410
Debian Linux Security Advisory 4408-1 - Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream.
2e4ca357472c5a306f5831960e41f57eaa118209475d160d1380da9fe1a5a28a
Red Hat Security Advisory 2019-0593-01 - The OpenStack Load Balancing service provides a Load Balancing-as-a-Service version 2 implementation for Red Hat OpenStack platform director based installations. This update fixes an issue where private keys were written to world-readable log files.
71e70c3c6222ce513e075bc9fee98e201d4d7d5e030dc937d7a89c2b2fc5ec11
Ubuntu Security Notice 3911-1 - It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
fef808f3be82996b09455ddaa9c310cc847d78b2422cbd3aee423e2912f71a01
Red Hat Security Advisory 2019-0580-01 - OpenStack Telemetry collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection. This data is stored in a database and presented via the REST API. This update addresses a sensitive data leak.
f0e0d56ab4b93438be5236b200671bcf92acdcdc8a04e9e3792d36487185d779
Red Hat Security Advisory 2019-0590-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. Issues addressed include an information leakage vulnerability.
025cf7a60e096cc067f210e970eee35ca056285eec6245ec0dcaf1ce2244aef5
libseccomp suffers from an issue where arithmetic comparisons in filter rules are compiled incorrectly, so the generated BPF filter does not enforce the comparison as written.
dddc73c41f25c68017fa3018c96fe964b4326e43e6cabe8e18b658d2b9935a72
Gitea versions 1.7.0 through 1.7.3 suffer from a stored HTML injection vulnerability.
253ed51f7af489f1307804b4289f3d88966fed3070de63f9f7e892dd2a22ed63
TheCarProject version 2 suffers from a remote SQL injection vulnerability.
137a2c3dbf630de74cbfde1c84bd23e35a6010ddb016985199679d8d58bcc715
WinAVI iPod/3GP/MP4/PSP Converter version 4.4.2 suffers from a local denial of service vulnerability.
77155e77429bcb5b77a27c89b876b2ed472cd37f1adf4f527d589e6763b7bb93
WinMPG Video Convert versions 9.3.5 and below suffer from a local denial of service vulnerability.
84572c55050623ee7f0d842c9ccb7dfe0ef3758bd700e81568a99fb1419d0c63
WordPress version 5.0.4 with FormCraft plugin version 2.0 suffers from a cross site request forgery vulnerability that can be leveraged to perform a shell upload.
20fa2c83b5c931b82468320628286a4017adfdc722d3d66e7a4045518f19f4d8