A vulnerability in the Apache Solr Velocity template allows unauthenticated attackers to execute arbitrary OS commands.



This update adds automatic core name detection and newer supported versions.

An arbitrary code execution vulnerability in the Kibana Timelion visualizer allows an attacker with access to the application to send a request that will attempt to execute javascript code with permissions of the Kibana process on the host system.

A vulnerability in the Apache Solr Velocity template allows unauthenticated attackers to execute arbitrary OS commands.

This module has improvements for the Linux Kernel libfutex exploit.

A Buffer Overflow exists when parsing .XML files by Command Import. The vulnerability is caused due to a boundary error when handling a crafted .XML files.

The flaw exists in the GetUserPasswd function in BwPAlarm.dll due to improper validation of user-supplied data before copying the data to a fixed size stack-based buffer when processing an IOCTL 70603 RPC message.

This module exploits a flaw in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.

A bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges.

By abusing document's event feature in LibreOffice and the LibreLogo script, an attacker can execute arbitrary python code from within a malicious document silently, without user warning.

This module performs a bypass of CVE-2019-9848 by using global script events.

This update improves the processing of Client Side email templates.