The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by a double-free vulnerability in function jas_iccattrval_destroy() as well as a heap-based buffer overflow in function jp2_decode(). A specially crafted jp2 file, can be used to trigger the vulnerabilities. Versions 1.900.1 and below are affected.
798d515d2ffb136a29cd7ca51ecc0132ba783edfb641c23ed98f666d2bd80e5eiBackup version 10.0.0.45 suffers from a privilege escalation vulnerability.
f8234c8002f8415d0148571642c6e9af39afe89f33becf443ddf13aeecbfa0a0TennisConnect version 9.927 suffers from a cross site scripting vulnerability.
f244ce41ca3796d1fe50df063102d77a36ce63a9dccf714002f9f9bc5e5626ebJCE-Tech version 4.0 suffers from a cross site scripting vulnerability.
441a179317009110053a59995e002c92691f62f5c3041ef3ea86ee2cfe8b31c8Gentoo Linux Security Advisory 201412-31 - Multiple vulnerabilities in ZNC could lead to Denial of Service. Versions less than 1.2-r1 are affected.
8971bd93580bc9ceb67c0477013cd3878b15f6737d04b74064d4095aa93e40f1NetIQ Access Manager version 4.0 SP1 suffers from cross site request forgery, external entity injection, information disclosure, and cross site scripting vulnerabilities.
320f0bd45b1d76c447e2f9652fd8ee7c2db0f94b4c3c1ff00b05f978a6cc03b0G-Parted versions 0.14.1 and below suffer from a root privilege escalation command execution vulnerability.
22d59ee6ab3ecbc032151958235d46b8b87c383d2fc085ccae3a73125bc45eb5VDG Security SENSE version 2.3.13 suffers from buffer overflow, authentication bypass, file disclosure, password disclosure, and information leakage vulnerabilities.
ac434a1ed45818872cf0689b9c03f2efbd4c708358bf3dc82697edeb0a4ddbf6TWiki versions 6.0.0 and 6.0.1 suffer from a WebSearch cross site scripting vulnerability.
3c386fd31deb35c5c17c6e38e1c48abe7134a8dd4633f091bc6a6e15da5a5f72TWiki version 6.0.1 suffers from a cross site scripting vulnerability in the QUERYSTRING and QUERYPARAMSTRING variables.
7d6060a6f3ac1cf0e347eac2b79617dbb2f7a92dda2f6ea4a24b643a009f569eFacebook Studio suffered from a cross site scripting vulnerability.
6c44cbb682aafd6daec44b1de42940894bcdb8d43089d73242d17f4e0333676dRed Hat Security Advisory 2014-2019-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the Apache CXF incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was found that Apache WSS4J, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of spoofing attacks on web service endpoints secured by WSS4j that rely on SAML for authentication.
d1f902a13bdbffd75588118d8e7160b3d1dc012f90bc2a1f9ff99b3f85bb0030Red Hat Security Advisory 2014-2020-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the Apache CXF incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was found that Apache WSS4J, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of spoofing attacks on web service endpoints secured by WSS4j that rely on SAML for authentication.
218d58c7a0731c77c1a1782f4579ac364cf591192d81eef95803e5404f5120c4Red Hat Security Advisory 2014-2023-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application.
1a729c8365de7fcb60f232832a81c20bc4f9497690301c4c5976e0a515d81582Red Hat Security Advisory 2014-2021-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
1767faf218d3e38faf737754605d6b4836322c1d854a8e54c691d8615c5a31afE-Journal CMS suffers from remote SQL injection and privilege escalation vulnerabilities.
9298e8ad7711b487909c7268ffc3a5b282329dc56644725e20346394219ff0b1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed