Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2019-2126: Android Security Bulletin—August 2019

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.

CVE
#vulnerability#android#google#dos#rce#nokia#samsung#huawei
Announcing the Microsoft Edge Insider Bounty

This week, we released the first Beta preview of the next version of Microsoft Edge. Alongside this, Microsoft is excited to announce the launch of the Microsoft Edge Insider Bounty Program. We welcome researchers to seek out and disclose any high impact vulnerabilities they may find in the next version of Microsoft Edge, based on Chromium, and offer rewards up to US$30,000 for eligible vulnerabilities in Dev and Beta channels.

CVE-2019-15107: Offensive Security’s Exploit Database Archive

An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.

CVE-2019-13513

In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application.

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.

Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)

Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.

CVE-2019-14744

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.

CVE-2019-10961

In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution.

CVE-2019-14431: Heap based buffer overflow while parsing DTLS messages (parseSSLHandshake) · Issue #30 · matrixssl/matrixssl

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message.

CVE-2019-1010124

WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in.