Linux kernel use-after-free vulnerability (CNVD-2020-03570)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A use-after-free vulnerability exists in the cpia2_exit function in drivers/media/usb/cpia2/cpia2_v4l.c in versions of Linux kernel prior to 5.1.6. The vulnerability ste...
CVE-2019-8550
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing...
Linux/x64 - Reverse TCP Stager Shellcode (188 bytes)
; Title: Linux/x64 - Reverse TCP Stager Shellcode 188 bytes ; Author: Lee Mazzoleni ; Tested on: Ubuntu 18.04.2 LTS ; reverse tcp stager - download and execute up to 4096 bytes of additional payload - no null bytes in this ; this code is 188 bytes total less if you delete the exit syscall at the...
Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer
A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer (hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The...
Linear eMerge E3 1.00-06 card_scan.php Command Injection
!/usr/bin/env python Linear eMerge E3 Unauthenticated Command Injection Remote Root Exploit Affected version: \n' sys.exit ipaddr = sys.argv1 print while True: try: cmd = rawinput'lighttpd@'+ipaddr+':/spider/web/webroot$ ' execute =...
Loop with Unreachable Exit Condition (Infinite Loop)
Istio allows Denial of Service because continue_on_listener_filters_timeout is set to True...
EulerOS 2.0 SP8 : bind (EulerOS-SA-2019-2096)
According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c...
Buffer Overflow Vulnerability in IEC104
The IEC104 protocol is an international standard widely used in industries such as electric power and urban rail transit. A buffer overflow vulnerability exists in IEC104, which can be exploited by an attacker to trigger a stack buffer overflow and cause a program exit...
ALPINE-CVE-2019-6473
An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process kea-dhcp4, causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...
DEBIAN-CVE-2019-6473
An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process kea-dhcp4, causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...
CVE-2019-6473
An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process kea-dhcp4, causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...
CVE-2019-6471
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 - 9.11.7, 9.12.0 - 9.12.4-P1, 9.14.0 - 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of...
The vulnerability of the multi-connection mode of the Microprogrammable Network Interface Device Firepower Threat Defense (FTD) allows an attacker to exit the container for their own instance of FTD and execute arbitrary commands with root privileges.
The vulnerability of the multi-connection mode of the Firepower Threat Defense FTD software relates to security configuration errors. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges from within the FTD instance...
Microsoft Windows Silent Process Exit Persistence Exploit
This Metasploit module uploads a payload and declares that it is the debug process to launch when a specified process exits. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/file' require...
Microsoft Windows Silent Process Exit Persistence
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/file' require 'msf/core/exploit/exe' class MetasploitModule 'Windows Silent Process Exit Persistence', 'Description' = %q Windows allows you to se...
Windows Silent Process Exit Persistence
Windows allows you to set up a debug process when a process exits. This module uploads a payload and declares that it is the debug process to launch when a specified process exits. This module requires Metasploit: https://metasploit.com/download Current source:...
Design/Logic Flaw
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server...
Fedora 30 : expat (2019-9505c6b555)
This update of expat fixes the following security issue : - CVE-2019-15903 -- Fix heap overflow triggered by XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber, and deny internal entities closing the doctype The following bug fixes are also included : - Fix cases where XML_StopParser did not hav...
NewStart CGSL MAIN 4.06 : libssh2 Multiple Vulnerabilities (NS-SA-2019-0179)
The remote NewStart CGSL host, running version MAIN 4.06, has libssh2 packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remot...