MikroTik RouterOS suffers from NULL pointer dereference, memory corruption and division by zero vulnerabilities.
093cf827a466522125a9a60ebaa8035bdab73e9adbf53421b45d078526ed91b9The VSIX Installer of Visual Studio allows for revival of expired code-signing certificates and modification of timestamps.
1932bca2b0e783b85e85684f614bf214f5590a29611bd69f1965b60a056e9d5eOnline Book Store version 1.0 suffers from a remote SQL injection vulnerability.
889485056ea0278e03e33c2e37637e47e02417c5c9ffd5e84492bdf987f9cc93Debian Linux Security Advisory 4754-1 - Multiple security issues have been found in Thunderbird which could result in the execution of arbitrary code or the unintended installation of extensions.
3981bb9f2545755f1cdf95e9bb3980e31dc5d26cb8f57a58049de6efb9f6c11cDebian Linux Security Advisory 4756-1 - Faidon Liambotis discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code.
bfdff4be267892f408601b1cfa29fd5f975363de871cb3de0774e87e4bc19055TP-Link WDR4300 with firmware versions 3.13.33 and 3.14.3 post-authentication remote code execution exploit.
efe1a7401f03a5f9c81b8eb4bb60d718a7f4ccad13e2f144afa2bfb2bac9dfd5Debian Linux Security Advisory 4741-1 - Tobias Stoeckmann discovered an integer overflow in the json-c JSON library, which could result in denial of service or potentially the execution of arbitrary code if large malformed JSON files are processed.
a624d5ab564c8fd412469da7a39fbfdbbb94b00bafbaef4eeaf9161434f5d3b9Debian Linux Security Advisory 4744-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to cross-site scripting vulnerabilities in handling invalid svg and math tag content.
1cd30b3d54f45f2e18cfaf9ea71c657a8c040777efe171720fd0843567fa80a8Debian Linux Security Advisory 4746-1 - Several vulnerabilities were discovered in net-snmp, a suite of Simple Network Management Protocol applications, which could lead to privilege escalation.
83b5d59ffab79a217eb9cf992eef6fe4c92aabc95d5b419a5b1ab1082a241ed6Debian Linux Security Advisory 4747-1 - A directory traversal vulnerability was discovered in Icinga Web 2, a web interface for Icinga, which could result in the disclosure of files readable by the process.
acc8acd40cdce4196aae50a16724f8ae73cd370fa63d37da04ba26c0f989d690Debian Linux Security Advisory 4748-1 - Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.
1e70c3877e5bb25cc59143e89941cafd87e7e571a726fdad370fe74d42112bbdDebian Linux Security Advisory 4750-1 - It was reported that the Lua module for Nginx, a high-performance web and reverse proxy server, is prone to a HTTP request smuggling vulnerability.
069a0750508098f2ee6bfc51176f8bbdb3174e2266c7e9b5ec99e5b2a52e854fDebian Linux Security Advisory 4752-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation.
237dadcb5460cd41550b3d247f118957ce0398434f7b64164ff802d0bf414c5cDebian Linux Security Advisory 4753-1 - A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if a malformed PDF file is opened.
a720d618b0a524b333005786d05637f0fece2d59c918a769a799ef1108e12769Debian Linux Security Advisory 4755-1 - Multiple security issues were found in the OpenEXR image library, which could result in denial of service and potentially the execution of arbitrary code when processing malformed EXR image files.
84054f2502a28bc847257291db8abc11cfced6707361d33b2bf8f7d0a6344057Gentoo Linux Security Advisory 202008-18 - Multiple vulnerabilities have been found in X.org X11 library, the worst of which could result in the arbitrary execution of code. Versions less than 1.6.12 are affected.
e3dcf0ff66dcf77049ea1208252a28831ead0b0d320e99ef1dd9274d980b25a0Symphony CMS version 3.0.0 suffers from a persistent cross site scripting vulnerability.
2e44366f893d3e12294a36d49eeaca34428e4d82f50595d15725bbc37035ee42WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.
22351f0d0d7c3f44bb5f337f9236dda428c979d350043aa67d965801fc39d337Gentoo Linux Security Advisory 202008-17 - Multiple vulnerabilities have been found in Redis, the worst of which could result in the arbitrary execution of code. Versions less than 5.0.9 are affected.
db24a85e4e23bd66c5ed821031a74352b867e8b531b443300307014d175cb546SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 suffer from a local privilege escalation vulnerability.
e338d1a038c462ffe3d9181e3b9e8eb1c580efd207a6480e628ceddc80e9935bNagios Log Server version 2.1.6 suffers from a persistent cross site scripting vulnerability.
0cbb3b91d14242f1ed289d73d97c2121efccdce37c5db3a5293e44fad703220bZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver.
4f066c4a8cdc5c194bf13e721d902a077e402bf503eb72e35b7aa253ae12cbc4Eikon Thomson Reuters version 4.0.42144 suffers from a weak permissions issue that can lead to code execution.
cefd3a573b7ca1df14112830ceb07fbac0edea5f7fa5c698ca9c4056ae2633ccUbuntu Security Notice 4477-1 - Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. RĂ©gis Leroy discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request splitting attack, resulting in cache poisoning. Lubos Uhliarik discovered that Squid incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use this issue to cause Squid to consume resources, resulting in a denial of service. Various other issues were also addressed.
e30d35415018b5770194d1b9730378b888542946cf0e323dd1be4b7182755fd8Ubuntu Security Notice 4476-1 - It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information.
0cb861156c6c38c6bee4357a5840c4d3a167d2d9e2279055d791e5de14791c64
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed