macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()

The XNU function waitfornamespaceevent in bsd/vfs/vfssyscalls.c releases a file descriptor for use by userspace but may then subsequently destroy that file descriptor using fpfree, which unconditionally frees the fileproc and fileglob. This opens up a race window during which the process could...

Debian DSA-1708-1 : git-core - shell command injection

It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities : Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality CVE-2008-5916 . Local...