linux vulnerabilities and exploits

NA
CVE-2019-14899

Multiple Linux distributions could allow a remote attacker to bypass security restrictions, caused by issues related to systemd and rp_filter configuration. By sending specially-crafted network packets, an attacker could exploit this vulnerability to infer and hijack...

NA
CVE-2019-17270

Yachtcontrol versions dated 2019-10-06 suffer from an unauthenticated remote code execution vulnerability....

NA
CVE-2019-16885

In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via...

7.5
CVSSv2
CVE-2019-16702

Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI....

Integard Pro ProjectIntegard Pro
NA
CVE-2019-17387

An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client through 2.2.10 allows an attacker to gain elevated privileges through arbitrary code execution on Windows, Linux, and macOS....

NA
CVE-2019-17388

Weak file permissions applied to the Aviatrix VPN Client through 2.2.10 installation directory on Windows and Linux allow a local attacker to execute arbitrary code by gaining elevated privileges through file modifications....

NA
CVE-2019-19602

fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx...

NA
CVE-2019-19228

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file....

NA
CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are...

NA
CVE-2019-19229

admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal....