3965 matches found
CVE-2019-10600
CVE-2019-10600 describes a use-after-scope issue where a local variable is passed as an argument to a netlink callback, causing invalid stack memory when the callback fires. Affected are Snapdragon families across many devices and SoCs (e.g., Snapdragon Auto/Consumer IOT/Industrial IOT, IoT, Mobi...
CVE-2019-10600
Use of local variable as argument to netlink CB callback goes out of it scope when callback triggered lead to invalid stack memory in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon...
Bash Profile Persistence Exploit
This Metasploit module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callbac...
Bash Profile Persistence
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bash Profile Persistence', 'Description' = %q" This module writes an execution trigger to the target's Bash profile. The execution trigger execut...
Bash Profile Persistence
This module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callback. This...
Updated ansible packages fix security vulnerability
Updated ansible package fixes security vulnerability: Splunk and Sumologic callback plugins leak sensitive data in logs CVE-2019-14864...
Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback
There is a use-after-free issue in JSCript triggerable via Internet Explorer where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON' callback, it is possible to assign a variable to the 'arguments' object, have it...
Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback
Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback There is a use-after-free issue in JSCript triggerable via Internet Explorer where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON'...
RHEL 7 : ansible (RHSA-2019:3925)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:3925 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does n...
Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
A data disclosure flaw was found in Ansible when using the Splunk and Sumologic modules, as they are not respecting when the flag nolog is enabled. This flaw can disclose and collect sensitive data from the system and expose it to an attacker...
Moderate: Red Hat Security Advisory: ansible security update
An update for Ansible is now available for Ansible Engine 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs
A data disclosure flaw was found in Ansible when using the Splunk and Sumologic modules, as they are not respecting when the flag nolog is enabled. This flaw can disclose and collect sensitive data from the system and expose it to an attacker...
Ddoor - Cross Platform Backdoor Using Dns Txt Records
Cross-platform backdoor using dns txt records. What is ddor? ddor is a cross platform light weight backdoor that uses txt records to execute commands on infected machines. Features Allows a single txt record to have seperate commands for both linux and windows machines List of around 10 public DN...
CVE-2019-6170
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution...
CVE-2019-6172
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution...
CVE-2019-6170
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution...
Code injection
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution...
Code injection
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution...
CVE-2019-6170
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution...
CVE-2019-6172
CVE-2019-6172 involves a vulnerability in the SMI callback function in some Lenovo ThinkPad models’ Legacy USB driver, where a passed parameter is used without sufficient validation. This could allow arbitrary code execution in the context of the affected system. Public documentation consistently...