3764 matches found
The vulnerability of the run_command function in the Git distributed version control system allows a hacker to execute arbitrary commands.
The vulnerability in the run_command programming interface of the Git distributed version control system stems from insufficient sanitization of input data. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
Microsoft Office 365 (2016 Click-to-Run) Multiple RCE Vulnerabilities (Apr 2019)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
GraphicsMagick buffer overread vulnerability (CNVD-2019-12506)
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A heap buffer over-read vulnerability exists in the ReadMIFFImage function in coders/miff.c in GraphicsMagick 1.4 snapshot-20190322 Q8, which can be exploite...
DEBIAN-CVE-2019-11006
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet...
UBUNTU-CVE-2019-11006
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet...
September 26, 2018—KB4458469 (OS Build 17134.320)
Note: This update has been re-released because of a missing solution. If you installed build 17134.319, please install this newer version of OS build 17134.320. Improvements and fixes: This update includes quality improvements. No new operating system...
RubyGems Code Execution Vulnerability
RubyGems is a Ruby package manager from the RubyGems organization. The product is mainly used for publishing and managing Ruby packages. A security vulnerability exists in RubyGems versions 2.6 through 3.0.2, which stems from Gem::CommandManager#run calling alert_error without escaping, and can be...
Moderate: Red Hat Security Advisory: vdsm security and bug fix update
An update for vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
vdsm: privilege escalation to root via systemd_run
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root...
Michael Cohen's Credibility Has Never Been More Certain
In his testimony before Congress Wednesday, Trump's former fixer gave the most convincing narrative yet about Trump's presidential run...
KaiOS Gecko Component Denial of Service Vulnerability in Nokia 8810 4G Devices
The Nokia 8810 4G is a generation of banana model phones. A security vulnerability exists in the Gecko component of KaiOS version 2.5 10.05 on Nokia 8810 4G devices. The vulnerability can be exploited by an attacker to execute code or cause a denial of service with the help of a specially crafted...
DEBIAN-CVE-2018-20784
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load...
CVE-2019-0106
Insufficient run protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Feb 2019)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Description of the security update for Office 2013: February 12, 2019
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following:...
CVE-2019-7569
An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=aadminuser&a=add&run=1...
DEBIAN-CVE-2019-7352
Self-Stored Cross-Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code...
PT-2019-11520 · Dcmtk +3
Name of the Vulnerable Software and Affected Versions: DCMTK versions 3.6.3 and below Description: The issue affects the DcmRLEDecoder component, specifically the decompress function in the dcrledec.h file. It can lead to a buffer overflow, resulting in possible code execution and confirmed Denia...