CVE-2019-9865
Published 2019-05-29
Priority: P341, high, 8.1 (CVSS 3.0)
AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.00% (78.2th percentile)
When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| windriver | vxworks | — | — |
| windriver | vxworks | — | — |
| windriver | vxworks | — | — |
| windriver | vxworks | >= 6.9 < 6.9.1 | 6.9.1 |
CVSS provenance
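| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |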
No detection rules found.
No public exploits indexed.
arXiv
Automatically Proving Microkernels Free from Privilege Escalation from their Executable
arxiv_fulltext·2020-03-19·CVSS 8.1
[HIGH] Automatically Proving Microkernels Free from Privilege Escalation from their Executable
## Abstract
Operating system kernels are the security keystone of most computer
systems, as they provide the core protection
mechanisms. Kernels are in particular responsible for their own security,
i.e. they must prevent untrusted user tasks from reaching their
level of privilege.
We demonstrate that proving such absence
of privilege escalation is a pre-requisite for any definitive
security proof of the kernel.
While prior OS kernel formal verifications were performed either on source code
or crafted kernels, with manual or semi-automated methods requiring significant human efforts in annotations
or proofs,
we show that it is possible to compute such kernel security proofs using
fully-automated methods and starting from the executable code of an
exi
Bugzilla
CVE-2019-16221 wordpress: reflected XSS in the dashboard
bugzilla·2019-11-25·CVSS 6.1
[MEDIUM] CVE-2019-16221 wordpress: reflected XSS in the dashboard
WordPress before 5.2.3 allows reflected XSS in the dashboard.
Reference:
https://wpvulndb.com/vulnerabilities/9865
Discussion:
Created wordpress tracking bugs for this issue:
Affects: epel-6 [bug 1776442]
Affects: epel-7 [bug 1776443]
Published: 2019-05-29