TCPDF versions 6.2.19 and below suffer from a deserialization vulnerability that can allow for remote code execution.
c4935b1bec468d4305cf1499300d42f521083fed9900cd9b61485ae84fe7a467Apache CouchDB version 2.3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
a8151accf125aaa23c543cc976db64a284b1027c29596ce6a1104e9da5b5eb45Ubuntu Security Notice 3916-1 - It was discovered that libsolv incorrectly handled certain malformed input. If a user or automated system were tricked into opening a specially crafted file, applications that rely on libsolv could be made to crash, resulting in a denial of service.
0a1588a1f320a52d90d846989ceddcdeac42599d44e9bb75a5cc345039d63c07DNS Spider is a multi-threaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
c8907d8f1866bfeb2cbff803208d108296b8c3d8c180e8ee0f109b19fd5cc91cDebian Linux Security Advisory 4413-1 - A heap-based buffer overflow was discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of this flaw for local root privilege escalation.
34ced0862ac4a17c86d87be51f3cc3d1b1cad9c5abd8c31acda65c4c20bc6a34Many WordPress themes and a plugin suffer from open redirection vulnerabilities. Age-Verification plugins version 0.5 is affected. Themes affected include Ev version 1.x, Nine-Day version 1.6, Aibbt version 1.0, itiis version 1.x, ifxPro.Cn version 5.0, 2kqq version 5.2, Azzxx version 1.2.1, BigChrome version 5.2, clsn-003 version 1.0, Concise version 2.8, TaozHuji version 5.2, UsaMusic-PC version 1.0, Wngzs version 1.0, 2018110612035976 version 1.7.3, Begin4.6 version 4.6, Begin5.2 version 5.2, Begin44 version 4.4, BeginLTS version 6, Zangai version 1.1.0, Deep version 5.4, and Wopus version 1.0.
dde24f2673dd10b7c2098a95653b2d7e373925d002e9b0ef39cff99af5b5192bMatri4Web Matrimony Web Script suffers from multiple remote SQL injection vulnerabilities.
9722a5414dcae7db768184cd3c8f5974f012497e660a89988f627f4a5a397a4cInout Article Base CMS suffers from a remote SQL injection vulnerability.
d9d86983d8b5883be30094b7a11999dccaf24fbd920d47731c7fd8ef3a153401I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
105773e11481cfcea0bc69b932895890ba5dd5e8d59ec322f06743bf2f15d211Ubuntu Security Notice 3917-1 - The snapd default seccomp filter for strict mode snaps blocks the use of the ioctl system call when used with TIOCSTI as the second argument to the system call. Jann Horn discovered that this restriction could be circumvented on 64 bit architectures. A malicious snap could exploit this to bypass intended access restrictions to insert characters into the terminal's input queue. On Ubuntu, snapd typically will have already automatically refreshed itself to snapd 2.37.4 which is unaffected.
13a2bdb1b443d25b262c5bc7b4b990dd9fd330319e9950c08bf7851a447bfb28Ubuntu Security Notice 3918-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. Various other issues were also addressed.
b4e53350aa233dd662095955993165e828a24f646ecc4eecc6a42c2dd5ddab2bUbuntu Security Notice 3913-1 - It was discovered that p7zip did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted archive with p7zip, then p7zip could be made to crash, possibly leading to arbitrary code execution.
b03a7e886ada2e7ec0f39d5ec4879e5d2ea608024e30bdd12d3b64496be85d73Ubuntu Security Notice 3915-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.
785d89e6351285f26ba5954d1951f2c2bc5bd07172da38c843ae03bdfe77f796Ubuntu Security Notice 3914-1 - A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potentially exploit this to execute arbitrary code as the administrator.
f9f198b31ea5cf57ccfde0dda69e04199f8228a0470296e15a62ce16bf4fe3b4Red Hat Security Advisory 2019-0633-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Multiple vulnerabilities have been addressed.
81e91f878664edfe24b631bddbedf394ff019eacbc69110849c182fffd2a8ab5Meeplace Business Review Script suffers from a remote SQL injection vulnerability.
83a7a301e2f857fa3c3d70271b471f8a49dde213b4b2c8db73beab7e8ce5d933snap uses a seccomp filter with a blacklist for TIOCSTI can be circumvented.
dfe93c7e631a95ac963d06c283dbec8208a04af5c084bb298266d147901f846c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed