LastPass suffers from an issue where bypassing do_popupregister() leaks credentials from the previous site.
e91aef0b7b7de488bc6fb1b7167218cb57d0484b98f8e1376f39b3cadbd7f574Ubuntu Security Notice 4124-2 - USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands. Various other issues were also addressed.
71d8e06b2c0c4cae4eecb4ffbda30d10eebc44079e9ff99b08f2472331d3317fDebian Linux Security Advisory 4523-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.
967040fbd9171f3b407f3ab9a0be62a4592c18053d4ec0a0f46e543fc5f9373fInteno EG200 routers with firmware versions EG200-WU7P1U_ADAMO3.16.4-190226_1650 and below have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.
39f36f4b6db5a31b0de8f71b6618765de1c62790a395b11e89b90ba6c5ca5670Red Hat Security Advisory 2019-2774-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.9.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.
3c16fc4cc180d6fe147e9d65f595a3f31a52151e992d0e5d130ce3cae1e23e6dUbuntu Security Notice 4134-1 - Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.
ed92e9e046984937207054328dcbba793eb2ef62bdf1c54b81a17f9db3ef13c2docPrint Pro version 8.0 suffers from a SEH buffer overflow vulnerability.
1e614fb447afd0b36c2e12b10f63bf118d4cfc22467707b5d7072f5e0ac8217eUbuntu Security Notice 4133-1 - It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
9c9c4741019601e94212dc80ac960db60e2bddb1eb957b1ccec83ee8da1600cdDebian Linux Security Advisory 4522-1 - Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.
33b9fccecf4353ae4a2b83a59bf84ceb570c6f8ad53dd6dfc6f568c4274c84e3AppXSvc version 17763.1.amd64fre.rs5_release.180914-1434 suffers from an arbitrary file security descriptor overwrite privilege escalation vulnerability.
f49c3a4798f6de0b0e932407bc8aae3873282516c62cce9782739f11c9e278a0Master Data Online suffers from a cross site request forgery vulnerability that allows for data tampering.
44c88779610ebd4f3d5c4f4e62acdbc7a81948f558f8ae470f6da5b266509b54
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed