Ubuntu Security Notice 3883-1 - It was discovered that LibreOffice incorrectly handled certain document files. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. It was discovered that LibreOffice incorrectly handled embedded SMB connections in document files. If a user were tricked in to opening a specially crafted document, a remote attacker could possibly exploit this to obtain sensitive information. Various other issues were also addressed.
3590319206e9f994fc6427d7de0f5ff90c527befe59e8cf74e9ea0c9042ca778Ubuntu Security Notice 3882-1 - Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. Various other issues were also addressed.
8730f1a95efb3ad9f330fd2c5e6d04c57d0239a933014e5309ef2e03007ce512Smoothwall Express version 3.1-SP4-polar-x86_64-update9 suffers from a cross site scripting vulnerability.
c5b15d19a2f8686b7ac757fc9a606f57aae44781a679d8b37cda7e2bcb21ca4bFreeBSD Security Advisory - FreeBSD 12.0 attempts to handle the case where the receiving process does not provide a sufficiently large buffer for an incoming control message containing rights. In particular, to avoid leaking the corresponding descriptors into the receiving process' descriptor table, the kernel handles the truncation case by closing descriptors referenced by the discarded message. The code which performs this operation failed to release a reference obtained on the file corresponding to a received right. This bug can be used to cause the reference counter to wrap around and free the file structure. A local user can exploit the bug to gain root privileges or escape from a jail.
855f095edd8dddc5d144dfb14428d131335a8466a40afb0a5c40cf8aee8b1767FreeBSD Security Advisory - The callee-save registers are used by kernel and for some of them (%r8, %r10, and for non-PTI configurations, %r9) the content is not sanitized before return from syscalls, potentially leaking sensitive information. Typically an address of some kernel data structure used in the syscall implementation, is exposed.
236a816eea4311588ca36396d798417774e37912f40da745164d7609d6d42425Debian Linux Security Advisory 4385-1 - halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else in the system. Only installations using.
6833491f703287eb135623eab6b3f3e0926f3acd5a1bb2dc72afa6c93a8a9b33River Past Audio Converter version 7.7.16 buffer overflow SEH exploit.
3719a0414392319cb88b60d4f36ea298ed46b68d879c1d4839d716282a54bd01osCommerce version 2.3.4.1 suffers from multiple remote SQL injection vulnerabilities.
7f8db9f4e59304f4d92aaa0b162605bd0f19e024b7b035707a7068233624f758WordPress YOP Poll plugin version 6.0.2 suffers from a cross site scripting vulnerability.
6ce5b54aff4a8eac3fb2bd30e96e747b3ca49fdaeb6c68b860c1055e4e5cbac1Ubuntu Security Notice 3881-2 - USN-3881-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Various other issues were also addressed.
1d145a7d6061f246f48a848680c45f7979b1476512372f57248c8bafef25526bWordPress WP Live Chat plugin version 8.0.18 suffers from a cross site scripting vulnerability.
3c65dace4c32d5bb126aa011b151f596a00ebdef9522b9a5d705ba4cc01d15a9WordPress wpGoogleMaps plugin version 7.10.41 suffers from a cross site scripting vulnerability.
f839348b93ef6d68bb7fa55e3bc44b4563269eef679bb15b156c9865df902894Incorrect convexity assumptions in Skia can lead to multiple buffer overflow vulnerabilities.
3a576a2a2e1e3f21c3c1af4f1257d137b7f010a80f1df3c8ddb7ca7a404aec6dWordPress Social Networks Auto-Poster plugin version 4.2.7 suffers from a cross site scripting vulnerability.
131fb95529c8c295332376c3c639587c0c1bdb88d79767257773c33c5517a8b3OpenMRS Platform versions prior to 2.24.0 suffers from an insecure object deserialization vulnerability.
9bf1c1fe0961989653634a152fe1a2263d4a1488abc16bf63c5f68b95b248603WordPress KingComposer plugin version 2.7.6 suffers from a cross site scripting vulnerability.
70463eecc91264546a0667f547952464557785a98fd5161513136df55b04811aWordPress Give plugin version 2.3.0 suffers from a cross site scripting vulnerability.
ce3e8a04fae75df5ec50fe510a670381280f4159ff3a19cae2f7fb1e69c1d11dZyxel VMG3312-B10B DSL-491HNU-B1 V2 suffers from a cross site request forgery vulnerability.
7e3f03a26f7f5517b57b3f61a2a52176b323d51206b8e0458c08ca72520f6a92WordPress Font Organizer plugin version 2.1.1 suffers from a cross site scripting vulnerability.
9d04b6f05bfa2febbf6a55a21c100165d435279f2ee32ef5182b3528a606e6efRiver Past Audio Converter version 7.7.16 denial of service proof of concept exploit.
53850925202915ffedf3ddfced1e2f2e75428d4cb7c1ed526e961d86c36179b0WordPress Contact Form Email plugin version 1.2.65 suffers from cross site request forgery and cross site scripting vulnerabilities.
64c84aa453d6ebfbed2c8ac62d02d372dae688e4612e07e2beebf57ebe30e1adDevice Monitoring Studio version 8.10.00.8925 denial of service proof of concept exploit.
5c277f3328ce1e7a1812b46620dc796a0eab49bcd849fe88b89607082d0e8377WordPress Blog2Social plugin version 5.0.2 suffers from a cross site scripting vulnerability.
1164c4f3459b90f4f361cf7c366150917d4e8842d712ac45c41850a2392947abLinux/x86 random insertion encoder and decoder shellcode generator.
1c874cdca741bb9b1f5cb83bff6c4ba8db8cdc97becf03410749a4943debc7e3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed