Moxa MX-AOPC UA server version 1.5 suffers from an XML external entity injection vulnerability.
fddbaa2065c62aecad0a07d6e23c2ad0e44f16c3227860ed21d602dfbc005faaWhile investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. Apache Tomcat versions 7.0.0 through 7.0.75, 8.0.0.RC1 through 8.0.41, 8.5.0 through 8.5.11, and 9.0.0.M1 through 9.0.0.M17 are affected.
193ab6114148905ba8825ba1b184c06507caac43be27d616db0d37daee7cc903Moxa MXView version 2.8 suffers from a denial of service vulnerability.
ee15ff8c93b9a8b1fad8541acf0ff16c7a615ec4a3eed39ac5fac990068aed38Code Igniter version 3.1.3 suffers from an HTTP response header injection vulnerability.
e52bee02d270e61fcc601feb04ba41a21c63d1351ad0c4f5b84ee7ac4a8b1654WordPress Tribulant Slideshow Gallery plugin versions 1.6.4 and below suffer from multiple cross site scripting vulnerabilities.
cf36f49a86ea3f82a1046c388c6f6d17ba5ee7c62071ee2bd4e998f1681cc18fThe refactoring of the HTTP connectors for 8.5.x onwards, introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. Apache Tomcat versions 8.5.0 through 8.5.12 and 9.0.0.M1 through 9.0.0.M18 are affected.
9e9a2ed68a0484d3c5eedcf6b96e3c1f556c0d256bfd0937b7b5acc81297e9efJobscript4Web version 4.5 suffers from a remote SQL injection vulnerability that can be leveraged for authentication bypass.
e3042b7a5235e668d70888481a9699ca205535e70908ebd279fb977de3e90c6dMoxa MXview version 2.8 suffers from a remote private key disclosure vulnerability.
5986ef93e2d09ab2475fbda2fb170751a1e9f4689785e02af7f737e55b418d01LastPass allows global properties to be modified across isolated worlds allowing for remote code execution.
9ed079fcb0d244aa6283137999747a3a863596c417d774f11999caccfd2cde18Xen suffers from a broken check in memory_exchange() that permits a PV guest breakout.
06a65900927d0ae50f499bf381cb1f57f6ac4ce13a285e0843a65faa968b723bThe MacOS/iOS kernel suffers from double free due to bad locking in fsevents device.
262850b875faadf8b393c23f94ab67e4e7ce65d2c09fc67f94f884cdd86d1fd1MacOS suffers from a kernel memory corruption due to an off-by-one in audit_pipe_open.
21a54047c8b3039a933e7ce82e134cfd26daad4f5ee3621c596b46d11e4ca14cThe MacOS/iOS kernel suffers from a heap overflow in bpf.
6b66f0500cb0eaf62440d1831b24b32d2950c87be93216f6251071c3b8466ec2WebKit suffers from a cross site scripting vulnerability via a synchronous page load.
92735631e0e061d11a4e9bee27724d113f8e61007a2e2baf066275e4b780138eWebKit suffers from a cross site scripting vulnerability via a focus event and a link element.
150fd73a684ece855490a6f6c898fd1b32492efd3abf6b355ecf7177e77dc76aThe MacOS/iOS kernel suffers from a use-after-free vulnerability due to bad locking in necp_open.
d334d5641f00902e731e8078d52aee2b598b18a6157983f48de2e66a278c8cd4WebKit suffers from a use-after-free vulnerability in WebCore::toJS.
adb86ce12fcc6e8a86e2e77aaae5414ee3c6f2d62117a441a2dc1b2f81ae2f4d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed