Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2019-7753
PUBLISHED: 2019-02-12

Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer parameter.

CVE-2019-5595
PUBLISHED: 2019-02-12

In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.

CVE-2019-5596
PUBLISHED: 2019-02-12


In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain …

CVE-2019-3923
PUBLISHED: 2019-02-12


Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user’s browser se…

CVE-2018-9582
PUBLISHED: 2019-02-11


In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation…
