
5987 matches found

Drupal
added 2019/12/11 12:00 a.m., 10 views

Modal - Moderately critical - Access bypass - SA-CONTRIB-2019-094

This project enables administrators to create modal dialogs. The routes used by the module lacked proper permissions, allowing untrusted users to access, create and modify modal configurations...

6.8 AI score
Exploits: 0, References: 6

OSV
added 2019/12/09 4:15 p.m., 2 views

CVE-2019-19679

In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue...

5.4 CVSS, 6.1 AI score
Exploits: 0, References: 1

NVD
added 2019/12/09 4:15 p.m., 22 views

CVE-2019-19679

In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue...

5.4 CVSS, 5.1 AI score, 0.00627 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2019/11/27 12:00 a.m., 67 views

EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2019-2297)

According to the version of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - postgresql before versions 11.1, 10.6 is vulnerable to a SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a...

9.8 CVSS, 8.1 AI score, 0.0515 EPSS
Exploits: 0, References: 2

RedHat Linux
added 2019/11/26 11:57 a.m., 0 views

Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()

A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object; later this reference is transferred to the caller's file descriptor table. If suc...

8.1 CVSS, 7 AI score, 0.16523 EPSS
Exploits: 2, References: 4

0day.today
added 2019/11/26 12:00 a.m., 277 views

Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Vulnerability

Exploit Title: Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Exploit Author: Abdelhamid Naceri Vendor Homepage: www.microsoft.com Tested on: Windows 10 1903 CVE : CVE-2019-1385 Windows: "AppX Deployment Service" AppXSVC elevation of privilege vulnerability Class: Local...

7.8 CVSS, 0.8 AI score, 0.03478 EPSS
Exploits: 4

Tenable Nessus
added 2019/11/26 12:00 a.m., 60 views

Security Update for Microsoft Visual Studio Code (CVE-2019-1414)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.39.1. It is, therefore, affected by the following vulnerability: - An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer. A...

7.8 CVSS, 7.7 AI score, 0.01045 EPSS
Exploits: 1, References: 3

CNVD
added 2019/11/20 12:00 a.m., 1 views

Linux kernel resource management error vulnerability (CNVD-2019-41703)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A vulnerability exists in the 'mlx5_fpga_conn_create_cq' function in the drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c file in versions of the Linux kernel prior to 5.3.11...

4.9 CVSS, 7.2 AI score, 0.00556 EPSS
Exploits: 0, References: 1

CNVD
added 2019/11/20 12:00 a.m., 1 views

Linux kernel memory corruption vulnerability (CNVD-2019-42788)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the ax25_create function in the net/ax25/af_ax25.c file in the AF_AX25 network module in Linux kernel 5.3.2 and earlier. An attacker ca...

3.3 CVSS, 7.4 AI score, 0.00635 EPSS
Exploits: 0, References: 1

OSV
added 2019/11/18 6:15 a.m., 1 views

DEBIAN-CVE-2019-19083

Memory leaks in clock_source_create functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the...

4.7 CVSS, 6.3 AI score, 0.00503 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2019/11/18 6:15 a.m., 32 views

CVE-2019-19083

Memory leaks in clock_source_create functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the...

4.7 CVSS, 6.8 AI score, 0.00503 EPSS
Exploits: 0, References: 7

Debian CVE
added 2019/11/18 5:24 a.m., 33 views

CVE-2019-19083

Memory leaks in clock_source_create functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the...

4.7 CVSS, 6.7 AI score, 0.00503 EPSS
Exploits: 0

Cvelist
added 2019/11/18 5:24 a.m., 23 views

CVE-2019-19082

Memory leaks in create_resource_pool functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the...

6.2 AI score, 0.00379 EPSS
Exploits: 0, References: 7

CNVD
added 2019/11/18 12:00 a.m., 2 views

Linux kernel memory leak vulnerability (CNVD-2019-41279)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory leak vulnerability exists in the create_resource_pool function under drivers/gpu/drm/amd/display/dc in Linux...

4.7 CVSS, 7.8 AI score, 0.00379 EPSS
Exploits: 0, References: 1

CNVD
added 2019/11/18 12:00 a.m., 3 views

Linux kernel memory leak vulnerability (CNVD-2019-41274)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory leak vulnerability exists in the clock_source_create function under drivers/gpu/drm/amd/display/dc in Linux...

4.7 CVSS, 6.6 AI score, 0.00503 EPSS
Exploits: 0, References: 1

0day.today
added 2019/11/09 12:00 a.m., 89 views

Nextcloud 17 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 CVE: N/A Nextcloud offers the...

7.4 AI score
Exploits: 0

0day.today
added 2019/11/08 12:00 a.m., 74 views

Adive Framework 2.0.7 - Privilege Escalation Exploit

Exploit for php platform in category web applications Exploit Title: Adive Framework 2.0.7 - Privilege Escalation Exploit Author: Pablo Santiago Vendor Homepage: https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.7 Tested on: Windows 10 CVE :...

6.5 CVSS, 8.7 AI score, 0.09313 EPSS
Exploits: 5

Hacker One
added 2019/11/03 9:48 a.m., 12 views

Lark Technologies: [CSRF] No Csrf protection against sending invitation to join the team.

A Cross-Site Request Forgery (CSRF) vulnerability was found on a "Create Invite" endpoint, which could result in any users being added to a team by tricking another user to run this Proof of Concept. We thank @imrannisar for reporting this to our team...

2.9 AI score
Exploits: 0

Positive Technologies
added 2019/10/31 12:00 a.m., 8 views

PT-2019-4882 · Xen +1

Name of the Vulnerable Software and Affected Versions: Xen versions 4.6 through 4.12.x Description: The issue is related to incorrect error handling for a malformed format character in the hypercall initialise function of the Xen hypervisor. This can be exploited by a remote attacker to cause a...

9.8 CVSS, 7.4 AI score, 0.16658 EPSS
Exploits: 4, References: 182

CNVD
added 2019/10/29 12:00 a.m., 1 views

Unspecified vulnerability in Linux kernel (CNVD-2019-38534)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the ieee802154_create function in the net/ieee802154/socket.c file in the AF_IEEE802154 network module in Linux kernel 5.3.2 and...

3.3 CVSS, 7.4 AI score, 0.00511 EPSS
Exploits: 0, References: 1