Debian Linux Security Advisory 4637-1 - Kobus van Schoor discovered that network-manager-ssh, a plugin to provide VPN integration for SSH in NetworkManager, is prone to a privilege escalation vulnerability. A local user with privileges to modify a connection can take advantage of this flaw to execute arbitrary commands as root.
0bcfc1f9b60f364e802b9703ccd302227b82c7fc8b2a3d093b9da1fde2116589Debian Linux Security Advisory 4638-1 - Several vulnerabilities have been discovered in the chromium web browser.
f1d7d8fc7660736bca421146ad5d260b843093a2c82bc57d8db4ffa2c3e4bbefDebian Linux Security Advisory 4639-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
58a11b57f05936127a466550683eb0fa6f42c5d12f66fd85a10e35384557a63bDebian Linux Security Advisory 4640-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed media files are processed.
270dc8a682bea4ac1ace4b7a2aa472c7d4bea5b4613a776864fbdf3740a2ab68Debian Linux Security Advisory 4641-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
c9568fb73cb85d36f251d23d6552f12efcbed59af201d8213e6671351790109aDebian Linux Security Advisory 4642-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code.
e1e39f2d3300a2b6b20787091d1689c4393bf0a273f99f3144c80ce1c4c7a1abDebian Linux Security Advisory 4643-1 - It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when strip=False and 'math' or 'svg' tags and one or more of the RCDATA tags were whitelisted.
fa8f325702803b534ade8e4bb05e7285c5a513fdb43b133a6fd6e756e4f8ee39Debian Linux Security Advisory 4644-1 - A denial of service vulnerability (by triggering high CPU consumption) was found in Tor, a connection-based low-latency anonymous communication system.
84fb8a09b6586841538937d668832c5199d47fb8242b51999110cb3df3451d6eDebian Linux Security Advisory 4645-1 - Several vulnerabilities have been discovered in the chromium web browser.
676b203db61a609b382f0d4e9fda48541b9a2242d686f4a3cf49e546b04a2d51Debian Linux Security Advisory 4646-1 - Andre Bargull discovered an integer overflow in the International Components for Unicode (ICU) library which could result in denial of service and potentially the execution of arbitrary code.
1f7b4ca1efd04fe7858eabb3bec876beced539192d487b14f50cee2ed3179315Debian Linux Security Advisory 4647-1 - It was reported that the BlueZ's HID and HOGP profile implementations don't specifically require bonding between the device and the host. Malicious devices can take advantage of this flaw to connect to a target host and impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source.
162dbfbf7a51afb140e41ea95ef8bda9cb2caf97846e78d132ef4a2915d79a3cDebian Linux Security Advisory 4648-1 - Russ Allbery discovered a buffer overflow in the PAM module for MIT Kerberos, which could result in denial of service or potentially the execution of arbitrary code.
c5eae23da915c5e658fb96e20fa877eb3a12e3585e54b30300f65c17b3b80b42Micro Focus Vibe version 4.0.6 suffers from a cross site scripting vulnerability.
b704ace34d0c7e6b2d7922015fd9228515f6cebf2302a5f752c27dee84dfa06dMicro Focus Vibe version 4.0.6 suffers from an html injection vulnerability.
5f9ffbfad0ad714375f7ca82a8f6f5eb5dd45f8670aa28158fa82ea9bff0d765IBM Cognos TM1 Server / Planning Analytics Server (TM1) suffers from a configuration overwrite vulnerability that can be leveraged to achieve code execution as SYSTEM via TM1 scripting. Extensive research is included in this advisory as well as the Metasploit module.
7adaef0a254ef114813a1fd3002f76240f5426ebf3ada7a99fac67252f614370This Metasploit module exploits some DLINK Access Points that are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin.
a2f0e8cf76051e688f4ad0f0c6c2006837b156b7ef27c777a6a73c0c8435e559codeBeamer versions 9.5 and below suffer from multiple persistent cross site scripting vulnerabilities.
ad369fec0c3f1233771579bb12bfb9e9b346a7907407bfb4a1a7b305585f8c55rConfig version 3.9.4 searchField unauthenticated remote root code execution exploit.
286d169b9325c701681f3ca01b90d56974a51fe70471f6d1ba94a2d175b1f7a8FreeCommander XE 2020 Build 810a 32-bit suffers from a pathname buffer overflow vulnerability.
60d82e33f0c7f4253ddc265c3479423769c54f1a48cc6ae26922cfd73df607d2Apple Security Advisory 2020-03-25-2 - iCloud for Windows 7.18 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
96ab81fe377fcfec5e673df49ba97fc74d44e1974d38e9711f12e9456a8da14bApple Security Advisory 2020-03-25-1 - iCloud for Windows 10.9.3 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
acea9f0b0cce60f1793d0187de42beed290b55978ebb0659695bb8aa50a3f1b7Webexcels Ecommerce CMS version 2.x suffers from cross site scripting and remote SQL injection vulnerabilities.
f1a0150ad98e19ccd148216e1b64e6e01d5ff4f6ed52d98077cbc41e152cfd9e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed