Ubuntu Security Notice 3883-1 - It was discovered that LibreOffice incorrectly handled certain document files. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. It was discovered that LibreOffice incorrectly handled embedded SMB connections in document files. If a user were tricked in to opening a specially crafted document, a remote attacker could possibly exploit this to obtain sensitive information. Various other issues were also addressed.
3a1aa43861dde35ad0fb4173c374375bUbuntu Security Notice 3882-1 - Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Various other issues were also addressed.
0f925b1c5398dda61353888f8f8f00b0Smoothwall Express version 3.1-SP4-polar-x86_64-update9 suffers from a cross site scripting vulnerability.
466668486d6fe9caea806da6d15dc89dFreeBSD Security Advisory - FreeBSD 12.0 attempts to handle the case where the receiving process does not provide a sufficiently large buffer for an incoming control message containing rights. In particular, to avoid leaking the corresponding descriptors into the receiving process' descriptor table, the kernel handles the truncation case by closing descriptors referenced by the discarded message. The code which performs this operation failed to release a reference obtained on the file corresponding to a received right. This bug can be used to cause the reference counter to wrap around and free the file structure. A local user can exploit the bug to gain root privileges or escape from a jail.
d2a5625f6a6acebfab7130396aaad041FreeBSD Security Advisory - The callee-save registers are used by kernel and for some of them (%r8, %r10, and for non-PTI configurations, %r9) the content is not sanitized before return from syscalls, potentially leaking sensitive information. Typically an address of some kernel data structure used in the syscall implementation, is exposed.
4fa532c6e04c2f256ea9ead2ce8d94a8Debian Linux Security Advisory 4385-1 - halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else in the system. Only installations using.
59f2eb21224b4ade9f55a314275c3509River Past Audio Converter version 7.7.16 buffer overflow SEH exploit.
956a7fd47b7777cb9406178fef991fc5osCommerce version 2.3.4.1 suffers from multiple remote SQL injection vulnerabilities.
8fea5cf7d607b45bbf0739919ed24e08WordPress YOP Poll plugin version 6.0.2 suffers from a cross site scripting vulnerability.
f49372ac89935efd99a329703c3b2ac3Ubuntu Security Notice 3881-2 - USN-3881-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Various other issues were also addressed.
9d23ce1274d573e9d037153a6f17b56bWordPress WP Live Chat plugin version 8.0.18 suffers from a cross site scripting vulnerability.
5328e43dbd0cb5e43a34ad7681697113WordPress wpGoogleMaps plugin version 7.10.41 suffers from a cross site scripting vulnerability.
356e04d4a085a90d5fb5f56c87053aa5Incorrect convexity assumptions in Skia can lead to multiple buffer overflow vulnerabilities.
db5ddb42f112cdaac1ac2d70bcdebc9aWordPress Social Networks Auto-Poster plugin version 4.2.7 suffers from a cross site scripting vulnerability.
bbffb806178e46c12654e876c046fab8OpenMRS Platform versions prior to 2.24.0 suffers from an insecure object deserialization vulnerability.
9337bc5297d0fd2e7407cddfae73ab12WordPress KingComposer plugin version 2.7.6 suffers from a cross site scripting vulnerability.
1e38372f668c067d98205a34c1f25cbbWordPress Give plugin version 2.3.0 suffers from a cross site scripting vulnerability.
76609cd5b42353b9a525a9c2ed1f15e1Zyxel VMG3312-B10B DSL-491HNU-B1 V2 suffers from a cross site request forgery vulnerability.
d03489f72f2fda1507d259824d00692eWordPress Font Organizer plugin version 2.1.1 suffers from a cross site scripting vulnerability.
eacb9f0eaa97c1934254f1039bd2acd2River Past Audio Converter version 7.7.16 denial of service proof of concept exploit.
02b6fb485b21ee34945ef72cb05ca9e1WordPress Contact Form Email plugin version 1.2.65 suffers from cross site request forgery and cross site scripting vulnerabilities.
a45930f318c3daf72f829b4afa303a37Device Monitoring Studio version 8.10.00.8925 denial of service proof of concept exploit.
8e87f007e01aa3082e704d734b2d9e09WordPress Blog2Social plugin version 5.0.2 suffers from a cross site scripting vulnerability.
361d66ce2b9e0256cf6e637e381159d9Linux/x86 random insertion encoder and decoder shellcode generator.
427e3657cccf1dbed731545609284bc7
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed