Sony Smart TVs suffer from information disclosure and arbitrary file read vulnerabilities.

Link: https://packetstormsecurity.com/files/152612/sonysmarttvs-fileread.txt

Ubuntu Security Notice 3936-2 – USN-3936-1 fixed a vulnerability in AdvanceCOMP. This update provides the corresponding update for Ubuntu 19.04. It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.

Link: https://packetstormsecurity.com/files/152615/USN-3936-2.txt

Msvod version 10 suffers from a cross site request forgery vulnerability.

Link: https://packetstormsecurity.com/files/152604/msvod10-xsrf.txt

100 bytes small Linux/ARM password protected reverse TCP shell shellcode.

Link: https://packetstormsecurity.com/files/152602/linuxarmpprshell-shellcode.txt

systemd suffers from a lack of seat verification in the PAM module and in turn permits the spoofing of an active session to polkit.

Link: https://packetstormsecurity.com/files/152610/GS20190424002035.txt

Red Hat Security Advisory 2019-0856-01 – Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.7 serves as a replacement for Red Hat Single Sign-On 7.2.6, and includes bug fixes and enhancements.

Link: https://packetstormsecurity.com/files/152605/RHSA-2019-0856-01.txt

UliCMS versions 2019.2 and 2019.1 suffers from multiple cross site scripting vulnerabilities.

Link: https://packetstormsecurity.com/files/152608/ulicms2019-xss.txt

This Metasploit module exploits SQL injection and command injection vulnerability in the ManageEngine AM versions 14 and below.

Link: https://packetstormsecurity.com/files/152607/meam140-exec.rb.txt

Linux suffers from a page->_refcount overflow via FUSE with ~140GiB RAM usage.

Link: https://packetstormsecurity.com/files/152609/GS20190424001901.tgz