WordPress Plainview Activity Monitor plugin is vulnerable to OS command injection which allows an attacker to remotely execute commands on the underlying system. Application passes unsafe user supplied data to ip parameter into activities_overview.php. Privileges are required in order to exploit this vulnerability. Vulnerable plugin version: 20161228 and possibly prior. Fixed plugin version: 20180826.
7ec3e2886cfeb10934e1758d21c4a3b07426bc1755426426441b88d92cfd7024
Debian Linux Security Advisory 4578-1 - Multiple security issues were found in libvpx multimedia library which could result in denial of service and potentially the execution of arbitrary code if malformed WebM files are processed.
9538be1083464e26484b6e8ca14c4fc07df96b18373e03b573fb4fce4742f597
Multiple denial of service vulnerabilities have been discovered and disclosed in the axTLS library versions 2.1.5 and below.
4b795ed8fab6f7bf3baf0d923f7583ab93caeae5946f05ef62eac4fd030fc492
OwnCloud version 8.1.8 suffers from a username disclosure vulnerability.
0307de97c325435adcb9198b8abdd9f7094e634c0324db4c86daa7772020153a
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.
506feee71f53fac76413f6d8f5b4cad88bddee539003ffcdf0c54f19b9a741ec
Online Inventory Manager version 3.2 suffers from a persistent cross site scripting vulnerability.
2a17665cc12bcb9f3faa72d4270155382c77fe2c2ddc086fe1084d45f5d4bb75
Ubuntu Security Notice 4204-1 - Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.
adc7ec85d31f5349a8be376afe8cf08edc4acfe1a9f39099e09b041b7b93cb51
Debian Linux Security Advisory 4577-1 - Tim Dusterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.
354b9471b47cedf156fae21fdd08eeb96eab9831e2b07a6b5c32125d5f285f6c
SpotAuditor version 5.3.2 Name and Key proof of concept denial of service exploits.
def21425b191e4950249069aa03b8a79033e22714038a46149d3ba19c72fa84b
Mersive Solstice version 2.8.0 suffers from a remote code execution vulnerability.
41ae2404927a39e963d537c545ef3a3209ea223a6fe1314299241b67ec6d3047
GHIA CamIP version 1.2 for iOS suffers from a denial of service vulnerability.
c3d5b41413dbf51de10e6b4f74f2284ed66cdd73572462d61d68618f2210df64
TexasSoft CyberPlanet version 6.4.131 suffers from a CCSrvProxy unquoted service path vulnerability.
94c1d807c9a0501d3748f8c41652394f08c36679caea0fdb76a866533ce69ded
WordPress version 5.3 suffers from a username enumeration vulnerability.
617224266959f06915a164de940bc67b50871dfdb40fbe6b480e2dc7741ec028
The CBC Gem Android and iOS applications (Android version 9.24.0 and below, iOS version 9.24.0 and below) sends potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first and third party sites (Adobe Marketing Cloud, ScorecardResearch).
0d3444a9cc732375e29149b598c57075ea9f0555e5ce5015c7e21c27660080f2
Ubuntu Security Notice 4203-2 - USN-4203-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
0dc3942145547db7073c63f6ed48403541f54ab1a7bc5cfe6da8ba310b7067d9
Ubuntu Security Notice 4203-1 - It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
26d9f79b62cfc9666137eb11e7d3580960296b1498984ff8db3f39ee2986e7c3
Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
8b02b403cb65d197b55d479f14ebd82a934af9eca331f69bc357e66acc8a31b2
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
c8f8b030751ee35087e8fa264cc37a0d325186c0e8e6eee9eed0686115ddc0a4
Red Hat Security Advisory 2019-4019-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and denial of service vulnerabilities.
77fa65a96baf59af0b8d531b976dca7bd2a1955703ee9de2463044589dae5a5e
Red Hat Security Advisory 2019-4018-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and denial of service vulnerabilities.
ffe3f5988be6dd7a943f7be36a8d49a6410ecc07b452747fa50d6382976ff83a
The vulnerability allows rescaling and corrupting the Xiaomi Mi Box (model: MIBOX3, build.id : MHC19) display without any privilege requirement, thus creating an opportunity for a non-privilege malicious app to disable the basic functionalities that the TV box is offering or can even be used for ransomware purpose - e.g., each time a target streaming app is launched, the malicious app can corrupt the display.
e3d8df083eeb13cc51a2757aa687d0e3a726620f82fe26776aef9ee56634e546
B-Sides Ljubljana will be held April 4th, 2020 in Ljubljana, Slovenia.
e59afcb2a6860a3b97af31c75aff21ad03698f1084108171bbd8a64d30fb7939
Red Hat Security Advisory 2019-4021-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and denial of service vulnerabilities.
0722e12f5fc13d3dca84d18ffee8fd509dbd0efd0904fc31534cd18260a15f5d
Red Hat Security Advisory 2019-4020-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.2.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.4, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and denial of service vulnerabilities.
73f3bff9f1fe90e77f6f4781409305530671950778c27d425306cc58a81efb24
A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service. CVE-2019-11932 is a vulnerability in the android-gif-drawable library. Yet the CVE text doesn't mention "android-gif-drawable". It only mentions WhatsApp. There could be over 28,400 free Android apps that use this library.
deb671a58483113fa01c7556131f6c1924fc8c60528a056679836812d446ff89