Ubuntu Security Notice 3796-3 - USN-3796-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 18.10. Daniel Hoffman discovered that Paramiko incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Various other issues were also addressed.
bd9323b300f55025ce3f4e55310f69cc
Ubuntu Security Notice 3792-3 - USN-3792-1 fixed a vulnerability in Net-SNMP. This update provides the corresponding update for Ubuntu 18.10. It was discovered that Net-SNMP incorrectly handled certain certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to crash, resulting in a denial of service. Various other issues were also addressed.
6922096eae4f9412061212a2f8908aeb
Ubuntu Security Notice 3795-2 - USN-3795-1 fixed a vulnerability in libssh. This update provides the corresponding update for Ubuntu 18.10. Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this issue to bypass authentication without any credentials. Various other issues were also addressed.
e89cc04e069eca9525fb55fb63903774
Ubuntu Security Notice 3790-2 - USN-3790-1 fixed vulnerabilities in Requests. This update provides the corresponding update for Ubuntu 18.10 It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
1b19f7fc14a933f4057623fbde241997
The Chrome debugger extension API appears to have more power than necessary, including the ability to bypass the check for disabled natives.
7f04b4dbaa37e47793da6858cb2f0661
VestaCP versions 0.9.8-22 and below suffer from multiple cross site scripting vulnerabilities.
383e89ec1c0ee9282adbe48bc69bb406
Viva Visitor and Volunteer ID Tracking version 0.95.1 suffers from a remote SQL injection vulnerability.
a7bdb1af85aa0c2d43e314a0d6343f09
Traq version 3.7.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
0aef457c83d6fd108fe4b17521b80e1b
eNdonesia Portal version 8.7 suffers from a remote SQL injection vulnerability.
3cc4ca7ebbc356b5f8a59b1fbde6e3f1
AjentiCP versions 1.2.23.13 and below suffer from a persistent cross site scripting vulnerability.
295c5f4546a49a27b9be3056bdeb12f1
The Open ISES Project version 3.30A suffers from an arbitrary file download vulnerability.
021b5f4026c133b8b2fbc315e632216b
School ERP Ultimate version 2018 suffers from a remote SQL injection vulnerability.
895a26f1d022712bfe28574ffce213ee
The Open ISES Project version 3.30A suffers from a remote SQL injection vulnerability.
177af646b329a8c58f5910646e929802
Oracle Siebel CRM version 8.1.1 suffers from a CSV injection vulnerability.
14b6181049d2b8b95e64fbe8aea5fdef
School ERP Ultimate version 2018 suffers from an arbitrary file download vulnerability.
a0d372c5ad93a099be337afdcb50514c
MySQL Edit Table version 1.0 suffers from a remote SQL injection vulnerability.
19c3b4630111dd4e32c4693e85b43bd9
Modbus Poll version 7.2.2 suffers from a denial of service vulnerability.
87bf262caddd533fef12dd918ea17f86
AudaCity version 2.3 suffers from a denial of service vulnerability.
577194ca6c017ec013387cbdb4a19365
This exploit permits an attacker to bypass UAC by hijacking a registry key during computerSecurity.exe (auto elevate windows binary) execution.
2c1515d3cf000e306d865e349594543c